Abstract

We show how systems of session types can enforce interactions to be bounded for all typable
processes. The type system we propose is based on Lafont's soft linear logic and is strongly
inspired by recent works about session types as intuitionistic linear logic formulas. Our main
result is the existence, for every typable process, of a polynomial bound on the length of
reduction sequences starting from it and on the size of its reducts.
1 Introduction

Session types are one of the most successful paradigms around which communication can be
disciplined in a concurrent or object-based environment. They can come in many different flavors,
depending on the underlying programming language and on the degree of flexibility they allow
when defining the structure of sessions. As an example, systems of session types for multi-party
interaction have been recently introduced [F , while a form of higher-order session has been shown
to be definable [11]. Recursive types, on the other hand, are part of the standard toolset of session
type theories since their inception [7].

The key property induced by systems of session types is the following: if two (or more) processes
can be typed with "dual" session types, then they can interact with each other without "going
wrong", i.e. avoiding situations where one party needs some data with a certain type and the
other(s) offer something of a different, incompatible type. Sometimes, one would like to go beyond
that and design a type system which guarantees stronger properties, including quantitative ones.
An example of a property that we find particularly interesting is the following: suppose that two
processes P and Q interact by creating a session having type A through which they communicate.
Is this interaction guaranteed to be finite? How long would it last? Moreover, P and Q may
be forced to interact with other processes in order to be able to offer A. The question could
then become: can the global amount of interaction be kept under control? In other words, one
could be interested in proving the interaction induced by sessions to be bounded. This problem
has been almost neglected by the research community in the area of session types, although it is
the manifesto of the so-called implicit computational complexity (ICC), where one aims at giving
machine-free characterizations of complexity classes based on programming languages and logical
systems.

Linear logic (LL in the following) was introduced twenty-five years ago by Jean-Yves
Girard [6]. One of its greatest merits has been to allow a finer analysis of the computational
content of both intuitionistic and classical logic. In turn, this is made possible by distinguishing
multiplicative as well as additive connectives, by an involutive notion of negation, and by giving a
new status to structural rules, allowing them to be applicable only to modal formulas. One of the
many consequences of this new, refined way of looking at proof theory has been the introduction
of natural characterizations of complexity classes by fragments of linear logic. This is possible
because linear logic somehow "isolates" complexity in the modal fragment of the logic (which
is solely responsible for the hyperexponential complexity of cut elimination in, say, intuitionistic
logic), which can then be restricted so as to get exactly the expressive power needed to capture
small complexity classes. One of the simplest and most elegant of those systems is Lafont's soft
linear logic (SLL in the following), which has been shown to correspond to polynomial time in the
realm of classical P], quantum [S; and higher-order concurrent computation [4].

Recently, Caires and Pfenning [1] have shown how a system of session types can be built around
intuitionistic linear logic, by introducing πDILL, a type system for the π-calculus where types
and rules are derived from the ones of intuitionistic linear logic. In their system, multiplicative
connectives like $\otimes$ and $\multimap$ make it possible to model sequentiality in sessions, while the
additive connectives $\&$ and $\oplus$ model external and internal choice, respectively. The modal
connective $!$, on the other hand, makes it possible to model a server of type $!A$ which can offer
the functionality expressed by $A$ many times.

In this paper, we study a restriction of πDILL, called πDSLL, which can be thought of as being
derived from πDILL in the same way as SLL is obtained from LL. In other words, the operator $!$
behaves in πDSLL in the same way as in SLL. The main result we prove about πDSLL is precisely
about bounded interaction: whenever $P$ can be typed in πDSLL and $P \to^n Q$, then both $n$ and
$|Q|$ (the size of the process $Q$, to be defined later) are polynomially related to $|P|$. This ensures
an abstract but quite strong form of bounded interaction. Another, perhaps more "interactive"
formulation of the same result is the following: if $P$ and $Q$ interact via a channel of type $A$, then
the "complexity" of this interaction is bounded by a polynomial on $|P| + |Q|$, whose degree only
depends on $A$. The proof of bounded interaction for πDSLL is structurally similar to the one of
polynomial time soundness for SLL, but there are a few peculiarities which make the argument
more complicated (see Section 5 for more details).

We see this paper as the first successful attempt to bring techniques from implicit computational
complexity into the realm of session types. Although proving bounded interaction has been
technically nontrivial, due to the peculiarities of the π-calculus, we think the main contribution
of this work lies in showing that bounded termination can be enforced by a natural adaptation of
known systems of session types.

2 An Informal Account on πDILL

In this section, we will outline the main properties of πDILL, a session type system recently
introduced by Caires and Pfenning [1] [2]. For more information, please consult the two cited
papers.

In πDILL, session types are nothing more than formulas of (propositional) intuitionistic linear
logic without atoms but with (multiplicative) constants:

$$A ::= 1 \mid A \otimes A \mid A \multimap A \mid A \oplus A \mid A \,\&\, A \mid {!A}.$$

These types are assigned to channels (names) by a formal system deriving judgments in the form

$$\Gamma; \Delta \vdash P :: x : A,$$

where $\Gamma$ and $\Delta$ are contexts assigning types to channels, and $P$ is a process of the name-passing
π-calculus. The judgment above can be read as follows: the process $P$ acts on the channel $x$
according to the session type $A$ whenever composed with processes behaving according to $\Gamma$ and
$\Delta$ (each on a specific channel). Informally, the various constructions on session types can be
explained as follows:

• $1$ is the type of an empty session channel. A process offering to communicate via a session
channel typed this way simply synchronizes with another process through it without exchanging
anything. This is meant to be an abstraction for all ground session types, e.g. natural numbers,
lists, etc. In linear logic, this is the unit for $\otimes$.

• $A \otimes B$ is the type of a session channel $x$ through which a message carrying another channel
with type $A$ is sent. After performing this action, the underlying process behaves according to
$B$ on the same channel $x$.

• $A \multimap B$ is the adjoint to $A \otimes B$: on a channel with this type, a process communicates by first
performing an input and receiving a channel with type $A$, then acting according to $B$, again
on $x$.

• $A \oplus B$ is the type of a channel on which a process either sends a special message inl and
performs according to $A$ or sends a special message inr and performs according to $B$. This
corresponds to internal choice.

• The type $A \,\&\, B$ can be assigned to a channel $x$ on which the underlying process offers the
possibility of choosing between proceeding according to $A$ or to $B$, both on $x$. So, in a sense,
$\&$ models external choice.

• Finally, the type $!A$ is attributed to a channel $x$ only if a process repeatedly receives a channel
$y$ through $x$, then behaving on $y$ according to $A$. In other words, $!A$ is the type of a process
which offers to open new sessions of type $A$.

The assignments in $\Gamma$ and $\Delta$ are of two different natures:

• An assignment of a type $A$ to a channel $x$ in $\Delta$ signals the need by $P$ of a process offering a
session of type $A$ on the channel $x$; for this reason, $\Delta$ is called the linear context;

• An assignment of a type $A$ to a channel $x$ in $\Gamma$, on the other hand, represents the need by $P$
of a process offering a session of type $!A$ on the channel $x$; thus, $\Gamma$ is the exponential context.

Typing rules of πDILL are very similar to the ones of DILL, itself one of the many possible formulations
of linear logic as a sequent calculus. In particular, there are two cut rules, each corresponding to
a different portion of the context:

$$\frac{\Gamma; \Delta_1 \vdash P :: x : A \qquad \Gamma; \Delta_2, x : A \vdash Q :: T}{\Gamma; \Delta_1, \Delta_2 \vdash (\nu x)(P \mid Q) :: T} \qquad\qquad \frac{\Gamma; \emptyset \vdash P :: y : A \qquad \Gamma, x : A; \Delta \vdash Q :: T}{\Gamma; \Delta \vdash (\nu x)(!x(y).P \mid Q) :: T}$$

Please observe how cutting a process $P$ against an assumption in the exponential context requires
"wrapping" $P$ inside a replicated input: this turns $P$ into a server.

In order to illustrate the intuitions above, we now give an example. Suppose that a process $P$
models a service which acts on $x$ as follows: it receives two natural numbers, to be interpreted as
the number and secret code of a credit card and, if they correspond to a valid account, returns an
MP3 file and a receipt code to the client. Otherwise, the session terminates. To do so, $P$ needs
to interact with another service (e.g. a banking service) $Q$ through a channel $y$. The banking
service, among others, provides a way to verify whether a given number and code correspond to
a valid credit card. In πDILL, the process $P$ would receive the type

$$\emptyset; y : (N \multimap N \multimap 1 \oplus 1) \,\&\, A \vdash P :: x : N \multimap N \multimap (S \otimes N) \oplus 1,$$

where $N$ and $S$ are pseudo-types for natural numbers and MP3s, respectively. $A$ is the type of all
the other functionalities $Q$ provides. As an example, $P$ could be the following process:

$$\begin{array}{l}
x(nm_1).x(cd_1).y.\mathsf{inl}; \\
(\nu nm_2)y\langle nm_2\rangle.(\nu cd_2)y\langle cd_2\rangle. \\
y.\mathsf{case}(x.\mathsf{inl}; (\nu mp)x\langle mp\rangle.(\nu rp)x\langle rp\rangle,\ x.\mathsf{inr}; 0)
\end{array}$$

Observe how the credit card number and secret code forwarded to $Q$ are not the ones sent by the
client: the flow of information happening inside a process is abstracted away in πDILL. Similarly,
one can write a process $Q$ and assign it a type as follows: $\emptyset; \emptyset \vdash Q :: y : (N \multimap N \multimap 1 \oplus 1) \,\&\, A$.
Putting the two derivations together, we obtain $\emptyset; \emptyset \vdash (\nu x)(P \mid Q) :: x : N \multimap N \multimap (S \otimes N) \oplus 1$.
Let us now make an observation which will probably be appreciated by the reader familiar with
linear logic. The processes $P$ and $Q$ can be typed in πDILL without the use of any exponential
rule, nor of cut. What allows us to type the parallel composition $(\nu x)(P \mid Q)$, on the other hand, is
precisely the cut rule. The interaction between $P$ and $Q$ corresponds to the elimination of that
cut. Since there isn't any exponential around, this process must be finite, since the size of the
underlying process shrinks at every single reduction step. From a process-algebraic point of view,
on the other hand, the finiteness of the interaction is an immediate consequence of the absence of
any replication in $P$ and $Q$.



The banking service $Q$ can only serve one single session and would vanish at the end of it. To
make it into a persistent server offering the same kind of session to possibly many different clients,
$Q$ must be put into a replication, obtaining $R = {!z(y).Q}$. In $R$, the channel $z$ can be given type
$!((N \multimap N \multimap 1 \oplus 1) \,\&\, A)$ in the empty context. The process $P$ should be somehow adapted to be
able to interact with $R$: before performing the two outputs on $y$, it's necessary to "spawn" $R$ by
performing an output on $z$ and passing $y$ to it. This way we obtain a process $S$ such that

$$\emptyset; z : {!((N \multimap N \multimap 1 \oplus 1) \,\&\, A)} \vdash S :: x : N \multimap N \multimap (S \otimes N) \oplus 1,$$

and the composition $(\nu z)(S \mid R)$ can be given the same type as $(\nu x)(P \mid Q)$. Of course, $S$ could
have used the channel $z$ more than once, initiating distinct sessions. This is meant to model
a situation in which the same client interacts with the same server by creating more than one
session with the same type, itself done by performing more than one output on the same channel.
Of course, servers can themselves depend on other servers. And these dependencies are naturally
modeled by the exponential modality of linear logic.

3 On Bounded Interaction 

In πDILL, the possibility of modeling persistent servers which in turn depend on other servers makes
it possible to type processes which exhibit a very complex and combinatorially heavy interactive
behavior.

Consider the following processes, the first one parameterized on a natural number $i \in \mathbb{N}$:

$$\begin{array}{rcl}
\mathit{dupser}_i & = & {!x_i(y)}.(\nu z)x_{i+1}\langle z\rangle.(\nu w)x_{i+1}\langle w\rangle.; \\
\mathit{dupclient} & = & (\nu y)x_0\langle y\rangle; \\
\mathit{ser} & = & {!x(y)}.0
\end{array}$$

In πDILL, these processes can be typed as follows:

$$\begin{array}{l}
\emptyset; x_{i+1} : {!1} \vdash \mathit{dupser}_i :: x_i : {!1}; \\
\emptyset; x_0 : {!1} \vdash \mathit{dupclient} :: z : 1; \\
\emptyset; \emptyset \vdash \mathit{ser} :: x : {!1}.
\end{array}$$

Then, for every $n \in \mathbb{N}$ one can type the parallel composition

$$\mathit{mulser}_{n+1} = (\nu x_1 \ldots x_n)(\mathit{dupser}_n \parallel \ldots \parallel \mathit{dupser}_0)$$

as follows

$$\emptyset; x_n : {!1} \vdash \mathit{mulser}_n :: x_0 : {!1}.$$

Informally, $\mathit{mulser}_n$ is a persistent server which offers a session type $1$ on a channel $x_0$, provided
a server with the same functionality is available on $x_n$. The process $\mathit{mulser}_n$ is the parallel
composition of $n$ servers in the form $\mathit{dupser}_i$, each spawning two different sessions provided by
$\mathit{dupser}_{i+1}$ on the same channel $x_{i+1}$.

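The process $\mathit{mulser}_n$ cannot be further reduced. But notice that, once $\mathit{ser}$, $\mathit{mulser}_n$ and
$\mathit{dupclient}$ are composed, the following exponential blowup is bound to happen:

$$\begin{array}{rl}
(\nu x_0)(\mathit{ser} \mid \mathit{mulser}_n \mid \mathit{dupclient}) \equiv & (\nu x_0 \ldots x_n)(\mathit{ser} \mid \mathit{dupser}_n \parallel \ldots \parallel \mathit{dupser}_0 \mid \mathit{dupclient}) \\
\to & (\nu x_0 \ldots x_n)(\mathit{ser} \mid \mathit{dupser}_n \parallel \ldots \parallel \mathit{dupser}_1 \mid P_1) \\
\to & (\nu x_1 \ldots x_n)(\mathit{ser} \mid \mathit{dupser}_n \parallel \ldots \parallel \mathit{dupser}_2 \mid P_2 \mid P_2) \\
\to^{*} & (\nu x_2 \ldots x_n)(\mathit{ser} \mid \mathit{dupser}_n \parallel \ldots \parallel \mathit{dupser}_3 \mid \underbrace{P_3 \parallel \ldots \parallel P_3}_{4 \text{ times}}) \\
 & \vdots \\
\to^{*} & (\nu x_n)(\mathit{ser} \mid \mathit{dupser}_n \mid \underbrace{P_n \parallel \ldots \parallel P_n}_{2^n \text{ times}})
\end{array}$$

Here, for every $i \in \mathbb{N}$ the process $P_i$ is simply $(\nu y)x_i\langle y\rangle.(\nu z)x_i\langle z\rangle.$ Notice that both the number of
reduction steps and the size of intermediate processes are exponential in $n$, while the size of the
initial process is linear in $n$. This is a perfectly legal process in πDILL. Moreover the type $!1$ of the
channel $x_0$ through which $\mathit{dupclient}$ and $\mathit{mulser}_n$ communicate does not contain any information
about the "complexity" of the interaction: it is the same for every $n$.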
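
The blowup can be replayed mechanically. The following sketch is an added example, not code from the paper: it encodes processes as tuples, computes the size of Definition 3 (Section 4.1), and reduces the composition by firing outputs against the lowest-numbered server first, which follows the order of the reduction sequence displayed above. It assumes n copies of dupser_i on x_0 ... x_{n-1}, ser plugged on x_n, and the elided continuations equal to 0; all function names are hypothetical.

```python
import itertools

# Processes as tuples: ("nil",) ("par",P,Q) ("nu",x,P) ("in",x,y,P)
# ("out",x,y,P) ("rep",x,y,P) ("inl",x,P) ("inr",x,P) ("case",x,P,Q)
NIL = ("nil",)
_fresh = itertools.count()

def size(p):
    """Size of Definition 3: 0 and restriction are free, each prefix costs 1."""
    tag = p[0]
    if tag == "nil":
        return 0
    if tag == "par":
        return size(p[1]) + size(p[2])
    if tag == "nu":
        return size(p[2])
    if tag == "case":
        return size(p[2]) + size(p[3]) + 1
    return size(p[-1]) + 1  # in, out, rep, inl, inr

def subst(p, old, new):
    """Replace free occurrences of `old` by `new` (`new` is always fresh here)."""
    tag = p[0]
    ren = lambda name: new if name == old else name
    if tag == "nil":
        return p
    if tag == "par":
        return ("par", subst(p[1], old, new), subst(p[2], old, new))
    if tag == "nu":
        return p if p[1] == old else ("nu", p[1], subst(p[2], old, new))
    if tag == "out":
        return ("out", ren(p[1]), ren(p[2]), subst(p[3], old, new))
    if tag in ("in", "rep"):
        body = p[3] if p[2] == old else subst(p[3], old, new)
        return (tag, ren(p[1]), p[2], body)
    if tag == "case":
        return ("case", ren(p[1]), subst(p[2], old, new), subst(p[3], old, new))
    return (tag, ren(p[1]), subst(p[2], old, new))  # inl, inr

def flatten(p):
    """Parallel threads of p; restrictions are opened with globally fresh names."""
    tag = p[0]
    if tag == "nil":
        return []
    if tag == "par":
        return flatten(p[1]) + flatten(p[2])
    if tag == "nu":
        return flatten(subst(p[2], p[1], f"{p[1]}#{next(_fresh)}"))
    return [p]

def step(threads):
    """Fire the first output/(replicated) input redex, scanning receivers in order."""
    for i, recv in enumerate(threads):
        if recv[0] not in ("in", "rep"):
            continue
        for j, send in enumerate(threads):
            if send[0] == "out" and send[1] == recv[1]:
                kept = [t for k, t in enumerate(threads)
                        if k != j and (k != i or recv[0] == "rep")]
                spawned = subst(recv[3], recv[2], send[2])
                return kept + flatten(send[3]) + flatten(spawned)
    return None  # choice (inl/inr/case) is not needed for this example

def dupser(i):
    # !x_i(y).(nu z) x_{i+1}<z>.(nu w) x_{i+1}<w>.0  (the final 0 is an assumption)
    nxt = f"x{i + 1}"
    return ("rep", f"x{i}", "y",
            ("nu", "z", ("out", nxt, "z", ("nu", "w", ("out", nxt, "w", NIL)))))

def system(n):
    """Threads of dupser_0 | ... | dupser_{n-1} | ser | dupclient.

    The outer restriction on x_0 ... x_n is omitted: it changes neither the
    size of Definition 3 nor the reductions.
    """
    procs = [dupser(i) for i in range(n)]
    procs.append(("rep", f"x{n}", "y", NIL))            # ser, plugged on x_n
    procs.append(("nu", "y", ("out", "x0", "y", NIL)))  # dupclient
    return [t for p in procs for t in flatten(p)]

def run(n):
    """Return (initial size, number of reduction steps, peak size)."""
    threads = system(n)
    initial = peak = sum(map(size, threads))
    steps = 0
    while (nxt := step(threads)) is not None:
        threads, steps = nxt, steps + 1
        peak = max(peak, sum(map(size, threads)))
    return initial, steps, peak

if __name__ == "__main__":
    for n in range(1, 9):
        print(n, run(n))
```

Under these assumptions the initial size is 3n + 2, while the run takes 2^(n+1) - 1 steps and peaks at size 3n + 1 + 2^n.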

The deep reasons why this phenomenon can happen lie in the very general (and "generous")
rules governing the behavior of the exponential modality $!$ in linear logic. It is this generality that
allows the embedding of propositional intuitionistic logic into linear logic. Since the complexity of
normalization for the former [12] [10] is nonelementary, the exponential blowup described above is
not a surprise.

It would be desirable, on the other hand, to be sure that the interaction caused by any process
$P$ is bounded: whenever $P \to^n Q$, then there's a reasonably low upper bound to both $n$ and $|Q|$.
This is precisely what we achieve by restricting πDILL into πDSLL.

4 πDSLL: Syntax and Main Properties

In this section, the syntax of πDSLL will be introduced. Moreover, some basic operational properties
will be stated and proved.

4.1 The Process Algebra

πDSLL is a type system for a fairly standard π-calculus, exactly the one on top of which πDILL is
defined:

Definition 1 (Processes) Given an infinite set of names or channels $x, y, z, \ldots$, the set of processes
is defined as follows:

$$P ::= 0 \mid P \mid Q \mid (\nu x)P \mid x(y).P \mid x\langle y\rangle.P \mid {!x(y).P} \mid x.\mathsf{inl};P \mid x.\mathsf{inr};P \mid x.\mathsf{case}(P, Q)$$

The only non-standard constructs are the last three, which make it possible to define a choice mechanism:
the process $x.\mathsf{case}(P, Q)$ can evolve as $P$ or as $Q$ after having received a signal in the form inl
or inr through $x$. Processes sending such a signal through the channel $x$, then continuing like $P$
are, respectively, $x.\mathsf{inl}; P$ and $x.\mathsf{inr}; P$. The set of names occurring free in the process $P$ (hereby
denoted $fn(P)$) is defined as usual. The same holds for the capture avoiding substitution of a
name $x$ for $y$ in a process $P$ (denoted $P\{x/y\}$), and for α-equivalence between processes (denoted
$\equiv_\alpha$).

Structural congruence is an equivalence relation identifying those processes which are syntactically
different but can be considered equal for very simple structural reasons:

Definition 2 (Structural Congruence) The relation $\equiv$, called structural congruence, is the
least congruence on processes satisfying the following seven axioms:

$$\begin{array}{ll}
P \equiv Q \text{ whenever } P \equiv_\alpha Q; & (\nu x)0 \equiv 0; \\
P \mid 0 \equiv P; & (\nu x)(\nu y)P \equiv (\nu y)(\nu x)P; \\
P \mid Q \equiv Q \mid P; & ((\nu x)P) \mid Q \equiv (\nu x)(P \mid Q) \text{ whenever } x \notin fn(Q); \\
P \mid (Q \mid R) \equiv (P \mid Q) \mid R. &
\end{array}$$

Formal systems for reduction and labelled semantics can be defined in a standard way. We refer 
the reader to [1] for more details. 

A quantitative attribute of processes which is delicate to model in process algebras is their 
size: how can we measure the size of a process? In particular, it is not straightforward to define 
a measure which both reflects the "number of symbols" in the process and is invariant under 
structural congruence (this way facilitating all proofs). A good compromise is the following: 



Definition 3 (Process Size) The size $|P|$ of a process $P$ is defined by induction on the structure
of $P$ as follows:

$$\begin{array}{lll}
|0| = 0; & |x(y).P| = |P| + 1; & |x.\mathsf{inl};P| = |P| + 1; \\
|P \mid Q| = |P| + |Q|; & |x\langle y\rangle.P| = |P| + 1; & |x.\mathsf{inr};P| = |P| + 1; \\
|(\nu x)P| = |P|; & |{!x(y).P}| = |P| + 1; & |x.\mathsf{case}(P, Q)| = |P| + |Q| + 1.
\end{array}$$



According to the definition above, the empty process has null size, while restriction does not
increase the size of the underlying process. This allows for a definition of size which remains
invariant under structural congruence. The price to pay is the following: the "number of symbols"
of a process $P$ can be arbitrarily bigger than $|P|$ (e.g. for every $n \in \mathbb{N}$, $|(\nu x)^n P| = |P|$). However,
we have the following:

Lemma 1 For every $P, Q$, $|P| = |Q|$ whenever $P \equiv Q$. Moreover, there is a polynomial $p : \mathbb{N} \to \mathbb{N}$
such that for every $P$, there is $Q$ with $P \equiv Q$ and the number of symbols in $Q$ is at most $p(|Q|)$.

Proof. The fact that $P \equiv Q$ implies $|P| = |Q|$ can be proved by a simple inspection of Definition [TJ
The second part of the lemma can be proved by induction on $P$ once the polynomial $p$ is fixed as
p{x) = x'^. □

4.2 The Type System 

The language of types of πDSLL is exactly the same as the one of πDILL, and the interpretation of
type constructs does not change (see Section 2 for some informal details). Typing judgments and
typing rules, however, are significantly different, in particular, in the treatment of the exponential
connective $!$. More specifically, πDILL makes it possible to give a type to the following processes:

• For every type $A$, there is a process $\mathit{DER}_A$ such that $\emptyset; x : {!A} \vdash \mathit{DER}_A :: y : A$. As an example,
$\mathit{DER}_1$ is $(\nu z)x\langle z\rangle$. Intuitively, $\mathit{DER}_A$ is a process opening a new session of type $A$ by calling
a server of type $!A$.

• For every type $A$, there is a process $\mathit{CONT}_A$ such that $\emptyset; x : {!A} \vdash \mathit{CONT}_A :: y : {!A} \otimes {!A}$.
Intuitively, $\mathit{CONT}_A$ is a process offering first a session of type $!A$ and then proceeding as $!A$
along the channel $y$. All this with the need of only a server of type $!A$ from $x$. As an example,
$\mathit{CONT}_1$ is

$$(\nu w)(s\langle w\rangle.((!w(y).(\nu z)x\langle z\rangle) \mid (!s(y).(\nu z)x\langle z\rangle))).$$

• For every type $A$, there is also a process $\mathit{DIG}_A$ such that $\emptyset; x : {!A} \vdash \mathit{DIG}_A :: y : {!!A}$, which turns
a server into a server of servers. The reader is invited to define $\mathit{DIG}_1$ as an exercise.

As we will see at the end of this section, only $\mathit{DER}_A$ can be given a type in πDSLL, while $\mathit{CONT}_A$
and $\mathit{DIG}_A$ cannot.

In πDSLL, typing judgments become syntactical expressions in the form

$$\Gamma; \Delta; \Theta \vdash P :: x : A.$$

First of all, observe how the context is divided into three chunks now: $\Gamma$ and $\Delta$ have to be interpreted
as exponential contexts, while $\Theta$ is the usual linear context from πDILL. The necessity of
having two exponential contexts is a consequence of the finer, less canonical exponential discipline
of SLL compared to the one of LL. We use the following terminology: $\Gamma$ is said to be the auxiliary
context, while $\Delta$ is the multiplexor context.

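Typing rules are in Figure 1. The rules governing the typing constant $1$, the multiplicatives
($\otimes$ and $\multimap$) and the additives ($\oplus$ and $\&$) are exact analogues of the ones from πDILL. The only
differences come from the presence of two exponential contexts: in binary multiplicative rules ($\otimes$R
and $\multimap$L) the auxiliary context is treated multiplicatively, while the multiplexor context is treated
additively, as in πDILL¹.

$$\frac{\Gamma; \Delta; \Theta \vdash P :: T}{\Gamma; \Delta; \Theta, x : 1 \vdash P :: T}\ 1\mathrm{L} \qquad \frac{}{\Gamma; \Delta; \emptyset \vdash 0 :: x : 1}\ 1\mathrm{R}$$

$$\frac{\Gamma; \Delta; \Theta, y : A, x : B \vdash P :: T}{\Gamma; \Delta; \Theta, x : A \otimes B \vdash x(y).P :: T}\ {\otimes}\mathrm{L} \qquad \frac{\Gamma_1; \Delta; \Theta_1 \vdash P :: y : A \qquad \Gamma_2; \Delta; \Theta_2 \vdash Q :: x : B}{\Gamma_1, \Gamma_2; \Delta; \Theta_1, \Theta_2 \vdash (\nu y)x\langle y\rangle.(P \mid Q) :: x : A \otimes B}\ {\otimes}\mathrm{R}$$

$$\frac{\Gamma_1; \Delta; \Theta_1 \vdash P :: y : A \qquad \Gamma_2; \Delta; \Theta_2, x : B \vdash Q :: T}{\Gamma_1, \Gamma_2; \Delta; \Theta_1, \Theta_2, x : A \multimap B \vdash (\nu y)x\langle y\rangle.(P \mid Q) :: T}\ {\multimap}\mathrm{L} \qquad \frac{\Gamma; \Delta; \Theta, y : A \vdash P :: x : B}{\Gamma; \Delta; \Theta \vdash x(y).P :: x : A \multimap B}\ {\multimap}\mathrm{R}$$

$$\frac{\Gamma; \Delta; \Theta, x : A \vdash P :: T \qquad \Gamma; \Delta; \Theta, x : B \vdash Q :: T}{\Gamma; \Delta; \Theta, x : A \oplus B \vdash y.\mathsf{case}(P, Q) :: T}\ {\oplus}\mathrm{L}$$

$$\frac{\Gamma; \Delta; \Theta \vdash P :: x : A}{\Gamma; \Delta; \Theta \vdash x.\mathsf{inl}; P :: x : A \oplus B}\ {\oplus}\mathrm{R}_1 \qquad \frac{\Gamma; \Delta; \Theta \vdash P :: x : B}{\Gamma; \Delta; \Theta \vdash x.\mathsf{inr}; P :: x : A \oplus B}\ {\oplus}\mathrm{R}_2$$

$$\frac{\Gamma; \Delta; \Theta, x : A \vdash P :: T}{\Gamma; \Delta; \Theta, x : A \,\&\, B \vdash x.\mathsf{inl}; P :: T}\ \&\mathrm{L}_1 \qquad \frac{\Gamma; \Delta; \Theta, x : B \vdash P :: T}{\Gamma; \Delta; \Theta, x : A \,\&\, B \vdash x.\mathsf{inr}; P :: T}\ \&\mathrm{L}_2$$

$$\frac{\Gamma; \Delta; \Theta \vdash P :: x : A \qquad \Gamma; \Delta; \Theta \vdash Q :: x : B}{\Gamma; \Delta; \Theta \vdash y.\mathsf{case}(P, Q) :: x : A \,\&\, B}\ \&\mathrm{R}$$

$$\frac{\Gamma; \Delta, x : A; \Theta, y : A \vdash P :: T}{\Gamma; \Delta, x : A; \Theta \vdash (\nu y)x\langle y\rangle.P :: T}\ \flat_{\#} \qquad \frac{\Gamma; \Delta; \Theta, y : A \vdash P :: T}{\Gamma, x : A; \Delta; \Theta \vdash (\nu y)x\langle y\rangle.P :: T}\ \flat_{!}$$

$$\frac{\Gamma; \Delta, x : A; \Theta \vdash P :: T}{\Gamma; \Delta; \Theta, x : {!A} \vdash P :: T}\ {!}\mathrm{L}_{\#} \qquad \frac{\Gamma, x : A; \Delta; \Theta \vdash P :: T}{\Gamma; \Delta; \Theta, x : {!A} \vdash P :: T}\ {!}\mathrm{L}_{!} \qquad \frac{\Gamma; \emptyset; \emptyset \vdash Q :: y : A}{\emptyset; \Delta; {!\Gamma} \vdash {!x(y).Q} :: x : {!A}}\ {!}\mathrm{R}$$

$$\frac{\Gamma_1; \Delta; \Theta_1 \vdash P :: x : A \qquad \Gamma_2; \Delta; \Theta_2, x : A \vdash Q :: T}{\Gamma_1, \Gamma_2; \Delta; \Theta_1, \Theta_2 \vdash (\nu x)(P \mid Q) :: T}\ \mathsf{cut}$$

$$\frac{\Delta; \emptyset; \emptyset \vdash P :: y : A \qquad \Gamma; \Delta, x : A; \Theta \vdash Q :: T}{\Gamma; \Delta; \Theta \vdash (\nu x)(!x(y).P \mid Q) :: T}\ \mathsf{cut}_{\#}$$

$$\frac{\Gamma_1; \emptyset; \emptyset \vdash P :: y : A \qquad \Gamma_2, x : A; \Delta; \Theta \vdash Q :: T}{\Gamma_1, \Gamma_2; \Delta; \Theta \vdash (\nu x)(!x(y).P \mid Q) :: T}\ \mathsf{cut}_{!}$$

Figure 1: Typing rules for πDSLL.

Now, consider the rules governing the exponential connective $!$, which
are $\flat_!$, $\flat_\#$, $!\mathrm{L}_!$, $!\mathrm{L}_\#$ and $!\mathrm{R}$: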

• The rules $\flat_!$ and $\flat_\#$ both make it possible to spawn a server. This corresponds to turning an assumption
$x : A$ in the linear context into one $y : A$ in one of the exponential contexts; in $\flat_\#$, $x : A$ could
be already present in the multiplexor context, while in $\flat_!$ this cannot happen;

• The rules $!\mathrm{L}_!$ and $!\mathrm{L}_\#$ lift an assumption in the exponential contexts to the linear context; this
requires changing its type from $A$ to $!A$;

• The rule $!\mathrm{R}$ makes it possible to turn an ordinary process into a server, by packaging it into a replicated
input and modifying its type.

Finally there are three cut rules in the system, namely $\mathsf{cut}$, $\mathsf{cut}_!$ and $\mathsf{cut}_\#$:

• $\mathsf{cut}$ is the usual linear cut rule, i.e. the natural generalization of the one from πDILL.

• $\mathsf{cut}_!$ and $\mathsf{cut}_\#$ make it possible to eliminate an assumption in one of the two exponential contexts.
In both cases, the process used to do that must be typable with empty linear and
multiplexor contexts.

Observe how both $\mathit{CONT}_A$ and $\mathit{DIG}_A$ are not typable in πDSLL. Take, as an example, $\mathit{CONT}_1$:
the two occurrences of $x$ are in the scope of a replicated input, and this pattern is not allowed in
the restricted setting of soft linear logic. On the other hand, $\mathit{DER}_A$ is indeed typable. Actually,
a generalization of it called $\mathit{MULT}_A^n$ (where $n > 0$) can be typed as follows

$$\emptyset; \emptyset; x : {!A} \vdash \mathit{MULT}_A^n :: y : \underbrace{A \otimes \ldots \otimes A}_{n + 2 \text{ times}}.$$

For example, MULT\ is the following process: 

$$(\nu x)y\langle x\rangle.(\nu x_1)y\langle x_1\rangle.(\nu x_2)y\langle x_2\rangle.$$

4.3 Back to Our Example 

Let us now reconsider the example processes introduced in Section 3. The basic building block
over which everything is built was the process $\mathit{dupser}_i = {!x_i(y)}.(\nu z)x_{i+1}\langle z\rangle.(\nu w)x_{i+1}\langle w\rangle.$ We
claim that for every $i$, the process $\mathit{dupser}_i$ is not typable in πDSLL. To understand why, observe
that the only way to type a replicated input like $\mathit{dupser}_i$ is by the typing rule $!\mathrm{R}$, and that its
premise requires the body of the replicated input to be typable with empty linear and multiplexor
contexts. A quick inspection on the typing rules reveals that every name in the auxiliary context
occurs (free) exactly once in the underlying process (provided we count two occurrences in the
branches of a case as just a single occurrence). However, the name $x_{i+1}$ appears twice in the
body of $\mathit{dupser}_i$. A slight variation on the example above, on the other hand, can be typed in
πDSLL, but this requires changing its type.
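
The occurrence-counting argument can be checked mechanically. The following is an added example, not code from the paper: it implements only the necessary syntactic condition stated above (each free name of the body of a replicated input, other than the received one, occurs at most once, with the two branches of a case counted once), so passing it does not establish typability. The tuple encoding, the function names and the processes FORWARDER, CHOOSER and TWICE_IN_PARALLEL are constructed for illustration.

```python
from collections import Counter

# Processes as tuples, following Definition 1:
# ("nil",) ("par",P,Q) ("nu",x,P) ("in",x,y,P) ("out",x,y,P)
# ("rep",x,y,P) ("inl",x,P) ("inr",x,P) ("case",x,P,Q)
NIL = ("nil",)

def free_occurrences(p):
    """Count free occurrences of each name; case branches are merged with max."""
    tag = p[0]
    if tag == "nil":
        return Counter()
    if tag == "par":
        return free_occurrences(p[1]) + free_occurrences(p[2])
    if tag == "nu":
        inner = free_occurrences(p[2])
        inner.pop(p[1], None)          # the restricted name is bound
        return inner
    if tag == "out":                   # subject and object both occur
        return Counter([p[1], p[2]]) + free_occurrences(p[3])
    if tag in ("in", "rep"):
        inner = free_occurrences(p[3])
        inner.pop(p[2], None)          # the received name is bound
        return Counter([p[1]]) + inner
    if tag == "case":                  # Counter | Counter takes the maximum
        return Counter([p[1]]) + (free_occurrences(p[2]) | free_occurrences(p[3]))
    return Counter([p[1]]) + free_occurrences(p[2])  # inl, inr

def overused_in_server(server):
    """Names, other than the received one, used more than once in the body of !x(y).Q."""
    if server[0] != "rep":
        raise ValueError("expected a replicated input")
    _, _, received, body = server
    counts = free_occurrences(body)
    return sorted(n for n, k in counts.items() if n != received and k > 1)

def dupser(i):
    # !x_i(y).(nu z) x_{i+1}<z>.(nu w) x_{i+1}<w>.0  (the final 0 is an assumption)
    nxt = f"x{i + 1}"
    return ("rep", f"x{i}", "y",
            ("nu", "z", ("out", nxt, "z", ("nu", "w", ("out", nxt, "w", NIL)))))

# ser from Section 3, plus constructed processes (not from the paper):
SER = ("rep", "x", "y", NIL)
FORWARDER = ("rep", "x0", "y", ("nu", "z", ("out", "x1", "z", NIL)))
CHOOSER = ("rep", "a", "y",
           ("case", "y",
            ("nu", "z", ("out", "b", "z", NIL)),
            ("nu", "w", ("out", "b", "w", NIL))))
TWICE_IN_PARALLEL = ("rep", "a", "y",
                     ("par",
                      ("nu", "z", ("out", "b", "z", NIL)),
                      ("nu", "w", ("out", "b", "w", NIL))))

if __name__ == "__main__":
    for name, proc in [("dupser_0", dupser(0)), ("ser", SER),
                       ("forwarder", FORWARDER), ("chooser", CHOOSER),
                       ("twice_in_parallel", TWICE_IN_PARALLEL)]:
        print(name, overused_in_server(proc))
```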

4.4 Subject Reduction 

A basic property most type systems for functional languages satisfy is subject reduction: typing
is preserved along reduction. For processes, this is often true for internal reduction: if $P \to Q$
and $\vdash P : A$, then $\vdash Q : A$. In this section, a subject reduction result for πDSLL will be given and
some ideas on the underlying proof will be described. Some concepts outlined here will become
necessary ingredients in the proof of bounded interaction, to be done in Section 5 below. Subject
reduction is proved by closely following the path traced by Caires and Pfenning; as a consequence,
we proceed quite quickly, concentrating our attention on the differences with their proof.

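When proving subject reduction, one constantly works with type derivations. This is particularly
true here, where (internal) reduction corresponds to the cut-elimination process. A linear
notation for proofs in the form of proof terms can be easily defined, allowing for more compact
descriptions. As an example, a proof in the form

$$\frac{\pi : \Gamma_1; \Delta; \Theta_1 \vdash P :: x : A \qquad \rho : \Gamma_2; \Delta; \Theta_2, x : A \vdash Q :: T}{\Gamma_1, \Gamma_2; \Delta; \Theta_1, \Theta_2 \vdash (\nu x)(P \mid Q) :: T}\ \mathsf{cut}$$

corresponds to the proof term $\mathsf{cut}(D, x.E)$, where $D$ is the proof term for $\pi$ and $E$ is the proof
term for $\rho$. If $D$ is a proof term corresponding to a type derivation for the process $P$, we write
$D = P$. From now on, proof terms will often take the place of processes: $\Gamma; \Delta; \Theta \vdash D :: T$
stands for the existence of a type derivation $D$ with conclusion $\Gamma; \Delta; \Theta \vdash D :: T$. The notation
$\Gamma; \Delta; \Theta \vdash D \rightsquigarrow P :: T$ stands for the existence of a type derivation $D$ such that $\Gamma; \Delta; \Theta \vdash D :: T$
and $D = P$.

A proof term $D$ is said to be normal if it does not contain any instances of cut rules. In Figure 2
we show in detail how processes are associated with proof terms.

$$\begin{array}{lcl}
1\mathrm{L}(x, D) & \rightsquigarrow & D \\
1\mathrm{R} & \rightsquigarrow & 0 \\
{\otimes}\mathrm{L}(x, y.x.E) & \rightsquigarrow & x(y).E \\
{\otimes}\mathrm{R}(D, E) & \rightsquigarrow & (\nu y)x\langle y\rangle.(D^y \mid E) \\
{\multimap}\mathrm{L}(x, D, y.E) & \rightsquigarrow & (\nu y)x\langle y\rangle.(D^y \mid E) \\
{\multimap}\mathrm{R}(x.D) & \rightsquigarrow & x(z).D \\
\mathsf{cut}(D, x.E) & \rightsquigarrow & (\nu x)(D \mid E) \\
\mathsf{cut}_!(D, x.E) & \rightsquigarrow & (\nu x)(!x(y).D^y \mid E) \\
\mathsf{cut}_\#(D, x.E) & \rightsquigarrow & (\nu x)(!x(y).D^y \mid E) \\
\flat_!(x, y.E) & \rightsquigarrow & (\nu y)x\langle y\rangle.E \\
\flat_\#(x, y.E) & \rightsquigarrow & (\nu y)x\langle y\rangle.E \\
{!}\mathrm{R}(D, x_1, \ldots, x_n) & \rightsquigarrow & {!x(y)}.D^y \\
{!}\mathrm{L}_!(x.D) & \rightsquigarrow & D \\
{!}\mathrm{L}_\#(x.D) & \rightsquigarrow & D \\
{\oplus}\mathrm{L}(x, y.D, z.E) & \rightsquigarrow & y.\mathsf{case}(D, E) \\
{\oplus}\mathrm{R}_1(D) & \rightsquigarrow & x.\mathsf{inl}; D \\
{\oplus}\mathrm{R}_2(D) & \rightsquigarrow & y.\mathsf{inr}; D \\
\&\mathrm{L}_1(x, y.E) & \rightsquigarrow & x.\mathsf{inl}; E \\
\&\mathrm{L}_2(x, y.D) & \rightsquigarrow & y.\mathsf{inr}; D \\
\&\mathrm{R}(D, E) & \rightsquigarrow & z.\mathsf{case}(D, E)
\end{array}$$

Figure 2: Extraction of processes from proof terms.

¹ The reader familiar with linear logic and proof nets will recognize in the different treatment of the auxiliary
and multiplexor contexts, one of the basic principles of SLL: contraction is forbidden on the auxiliary doors of
exponential boxes. The channel names contained in the auxiliary context correspond to the auxiliary doors of
exponential boxes, so we treat them multiplicatively. The contraction effect induced by the additive treatment of
the channel names in the multiplexor context corresponds to the multiplexing rule of SLL.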

Subject reduction will be proved by showing that if $P$ is typable by a type derivation $D$ and
$P \to Q$, then a type derivation $E$ for $Q$ exists. Actually, $E$ can be obtained by manipulating
$D$ using techniques derived from cut-elimination. Noticeably, not every cut-elimination rule is
necessary to prove subject reduction. In other words, we are in the presence of a weak correspondence
between proof terms and processes, and remain far from a genuine Curry-Howard correspondence.

Those manipulations of proof-terms which are necessary to prove subject reduction can be 
classified as follows: 

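• First of all, a binary relation $\Longrightarrow$ on proof terms called computational reduction can be defined.
At the logical level, this corresponds to proper cut-elimination steps, i.e. those cut-elimination
steps in which two rules introducing the same connective interact. At the process level,
computational reduction corresponds to internal reduction. $\Longrightarrow$ is not symmetric. Computational
reduction rules are given in Figure 3. We stress that Lemma 3 below is needed in order to
properly define some cases of computational reduction.

• A binary relation $\longmapsto$ on proof terms called shift reduction, distinct from $\Longrightarrow$, must be
introduced. At the process level, it corresponds to structural congruence. Like $\Longrightarrow$, $\longmapsto$ is not a
symmetric relation. Shift reduction rules are given in Figure 4.

• Finally, an equivalence relation $\equiv$ on proof terms called proof equivalence is necessary. At
the logical level, this corresponds to the so-called commuting conversions, while at the process
level, the induced processes are either structurally congruent or strongly bisimilar. Equivalence
rules are given in Figure 5.

$$\begin{array}{lrcl}
(\mathsf{cut}/{\otimes}\mathrm{R}/{\otimes}\mathrm{L}): & \mathsf{cut}({\otimes}\mathrm{R}(D, E), x.{\otimes}\mathrm{L}(x, y.x.F)) & \Longrightarrow & \mathsf{cut}(D, y.\mathsf{cut}(E, x.F)) \\
(\mathsf{cut}/{\multimap}\mathrm{L}/{\multimap}\mathrm{R}): & \mathsf{cut}({\multimap}\mathrm{R}(y.D), x.{\multimap}\mathrm{L}(x, E, x.F)) & \Longrightarrow & \mathsf{cut}(\mathsf{cut}(E, y.D), x.F) \\
(\mathsf{cut}/\&\mathrm{R}/\&\mathrm{L}_1): & \mathsf{cut}(\&\mathrm{R}(D, E), x.\&\mathrm{L}_1(x, y.F)) & \Longrightarrow & \mathsf{cut}(D, x.F) \\
(\mathsf{cut}/\&\mathrm{R}/\&\mathrm{L}_2): & \mathsf{cut}(\&\mathrm{R}(D, E), x.\&\mathrm{L}_2(x, y.F)) & \Longrightarrow & \mathsf{cut}(E, x.F) \\
(\mathsf{cut}/{\oplus}\mathrm{R}_1/{\oplus}\mathrm{L}): & \mathsf{cut}({\oplus}\mathrm{R}_1(D), x.{\oplus}\mathrm{L}(x, y.E, z.F)) & \Longrightarrow & \mathsf{cut}(D, x.E) \\
(\mathsf{cut}/{\oplus}\mathrm{R}_2/{\oplus}\mathrm{L}): & \mathsf{cut}({\oplus}\mathrm{R}_2(D), x.{\oplus}\mathrm{L}(x, y.E, z.F)) & \Longrightarrow & \mathsf{cut}(D, x.F) \\
(\mathsf{cut}_!/-/\flat_!): & \mathsf{cut}_!(D, x.\flat_!(x, y.E)) & \Longrightarrow & \mathsf{cut}(D_{\#}, y.\mathsf{cut}_\#(D, x.E_{\#})) \\
(\mathsf{cut}_\#/-/\flat_\#): & \mathsf{cut}_\#(D, x.\flat_\#(x, y.E)) & \Longrightarrow & \mathsf{cut}(D_{\#}, y.\mathsf{cut}_\#(D, x.E))
\end{array}$$

Figure 3: Computational reduction rules

$$\begin{array}{lrcl}
(\mathsf{cut}/{!}\mathrm{R}/{!}\mathrm{L}_!): & \mathsf{cut}({!}\mathrm{R}(D, x_1, \ldots, x_n), x.{!}\mathrm{L}_!(x.E)) & \longmapsto & {!}\mathrm{L}_!(x_1.{!}\mathrm{L}_!(x_2. \ldots {!}\mathrm{L}_!(x_n.\mathsf{cut}_\#(D, y.E)) \ldots)) \\
(\mathsf{cut}/{!}\mathrm{R}/{!}\mathrm{L}_\#): & \mathsf{cut}({!}\mathrm{R}(D, x_1, \ldots, x_n), x.{!}\mathrm{L}_\#(x.E)) & \longmapsto & {!}\mathrm{L}_!(x_1.{!}\mathrm{L}_!(x_2. \ldots {!}\mathrm{L}_!(x_n.\mathsf{cut}_\#(D, y.E)) \ldots))
\end{array}$$

Figure 4: Shift reduction rules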

The reflexive and transitive closure of $\longmapsto \cup \equiv$ is denoted with $\hookrightarrow$, i.e. $\hookrightarrow\ = (\longmapsto \cup \equiv)^*$. To help
the reader understand the rules defining $\Longrightarrow$, $\longmapsto$ and $\equiv$, let us give some relevant examples:

• Let us consider the proof term $D = \mathsf{cut}({\otimes}\mathrm{R}(F, G), x.{\otimes}\mathrm{L}(x, y.x.H))$ which corresponds to the
$\otimes$-case of cut elimination. By a computational reduction rule, $D \Longrightarrow E = \mathsf{cut}(F, y.\mathsf{cut}(G, x.H))$.
From the process side, $D = (\nu x)(((\nu y)x\langle y\rangle.(F \mid G)) \mid x(y).H)$ and $E = (\nu x)(\nu y)((F \mid G) \mid H)$,
where $E$ is the process obtained from $D$ by internally passing the channel $y$ through the channel
$x$.

• Let $D = \mathsf{cut}({!}\mathrm{R}(F, x_1, \ldots, x_n), x.{!}\mathrm{L}_!(x.G))$ be the proof obtained by composing a proof $F$ (whose
last rule is $!\mathrm{R}$) with a proof $G$ (whose last rule is $!\mathrm{L}_!$) through a cut rule. A shift reduction
rule tells us that $D \longmapsto E = {!}\mathrm{L}_!(x_1.{!}\mathrm{L}_!(x_2. \ldots {!}\mathrm{L}_!(x_n.\mathsf{cut}_!(F, y.G)) \ldots))$, which corresponds to the
opening of a box in SLL. The shift reduction does not have a corresponding reduction step at
process level, since $D \equiv E$; nevertheless, it is defined as an asymmetric relation, for technical
reasons connected to the proof of bounded interaction.

• Let $D = \mathsf{cut}_\#(F, x.\mathsf{cut}(G, y.H))$. A defining rule for proof equivalence $\equiv$ states that in
$D$ the $\mathsf{cut}_\#$ rule can be permuted over the $\mathsf{cut}$ rule, by duplicating $F$; namely $D \equiv E =
\mathsf{cut}(\mathsf{cut}_\#(F, x.G), y.\mathsf{cut}_\#(F, x.H))$. This is possible because the channel $x$ belongs to the
multiplexor contexts of both $G$ and $H$, such contexts being treated additively. At the process level,
$D = (\nu x)(!x(y).F \mid (\nu y)(G \mid H))$, while $E = (\nu y)(((\nu x)(!x(y).F \mid G)) \mid ((\nu x)(!x(y).F \mid H)))$,
$D$ and $E$ being strongly bisimilar.

The rest of this section is devoted to proving the following result: 

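Theorem 1 (Subject Reduction) Let $\Gamma;\Delta;\Theta \vdash D :: T$. Suppose that $D = P \to Q$. Then there is $E$ such that $E = Q$, $D \hookrightarrow\Longrightarrow\hookrightarrow E$ and $\Phi;\Psi;\Theta \vdash E :: T$, where $\Gamma,\Delta = \Phi,\Psi$.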

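The structure of the proof of Theorem 1 is divided into three steps, each of them consisting of one or more auxiliary results:

1. First, given a process $P$ and a typing derivation $D$ of $P$, we establish a connection between typing and labelled semantics, showing that the visible actions of $P$ behave according to the types assigned to the channels in $P$ by $D$ (Lemma 4).

2. Second, we take two processes $P$ and $Q$ communicating with each other on the same channel $x$, and the corresponding typing derivations $D$, $E$, respectively. For all possible type assignments of $x$, we show that by composing $D$ and $E$ with a cut rule and performing some proof manipulation we can obtain a proof $F$ such that $F$ is a typing derivation for the process $R$ obtained by performing the communication of $P$ and $Q$ (Lemmas 5, 6, 7, 8, 9, 10, 11).

3. Finally, we show that if a process $P$ is typable by a type derivation $D$ and $P \to Q$, then a type derivation $E$ for $Q$ exists. This is done by showing that the internal reduction which brings from $P$ to $Q$ is a consequence of the communication of two subprocesses of $P$. This communication can only happen in presence of a cut on the corresponding proof terms, so we conclude using the previous lemmas.

Structural Conversions

$$\begin{aligned}
(\mathsf{cut}/-/\mathsf{cut}_1) &: & \mathsf{cut}(D, x.\mathsf{cut}(E_x, y.F_y)) &\equiv \mathsf{cut}(\mathsf{cut}(D, x.E_x), y.F_y)\\
(\mathsf{cut}/-/\mathsf{cut}_2) &: & \mathsf{cut}(D, x.\mathsf{cut}(E, y.F_{xy})) &\equiv \mathsf{cut}(E, x.\mathsf{cut}(D, y.F_{xy}))\\
(\mathsf{cut}/-/\mathsf{cut}_!) &: & \mathsf{cut}(D, x.\mathsf{cut}_!(E, y.F_{xy})) &\equiv \mathsf{cut}_!(E, y.\mathsf{cut}(D, x.F_{xy}))\\
(\mathsf{cut}/\mathsf{cut}_!/-) &: & \mathsf{cut}(\mathsf{cut}_!(D, y.E_y), x.F_x) &\equiv \mathsf{cut}_!(D, y.\mathsf{cut}(E_y, x.F_x))\\
(\mathsf{cut}/-/\mathsf{cut}_\#) &: & \mathsf{cut}(D, x.\mathsf{cut}_\#(E, y.F_{xy})) &\equiv \mathsf{cut}_\#(E, y.\mathsf{cut}(D, x.F_{xy}))\\
(\mathsf{cut}/\mathsf{cut}_\#/-) &: & \mathsf{cut}(\mathsf{cut}_\#(D, y.E_y), x.F_x) &\equiv \mathsf{cut}_\#(D, y.\mathsf{cut}(E_y, x.F_x))\\
(\mathsf{cut}/1\mathsf{R}/1\mathsf{L}) &: & \mathsf{cut}(1\mathsf{R}, x.1\mathsf{L}(x, D)) &\equiv D
\end{aligned}$$

Strong Bisimilarities

$$\begin{aligned}
(\mathsf{cut}_\#/-/\mathsf{cut}) &: & \mathsf{cut}_\#(D, x.\mathsf{cut}(E_x, y.F_{xy})) &\equiv \mathsf{cut}(\mathsf{cut}_\#(D, x.E_x), y.\mathsf{cut}_\#(D, x.F_{xy}))\\
(\mathsf{cut}_\#/-/\mathsf{cut}_\#) &: & \mathsf{cut}_\#(D, x.\mathsf{cut}_\#(E_x, y.F_{xy})) &\equiv \mathsf{cut}_\#(D, x.\mathsf{cut}_\#(E_x, y.\mathsf{cut}_\#(D, x.F_{xy})))\\
(\mathsf{cut}_\#/-/\mathsf{cut}_!) &: & \mathsf{cut}_\#(D, x.\mathsf{cut}_!(E_x, y.F_{xy})) &\equiv \mathsf{cut}_!(E_x, y.\mathsf{cut}_\#(D, x.F_{xy}))\\
(\mathsf{cut}_!/-/\mathsf{cut}_1) &: & \mathsf{cut}_!(D, x.\mathsf{cut}(E_x, y.F_y)) &\equiv \mathsf{cut}(\mathsf{cut}_!(D, x.E_x), y.F_y)\\
(\mathsf{cut}_!/-/\mathsf{cut}_2) &: & \mathsf{cut}_!(D, x.\mathsf{cut}(E, y.F_{xy})) &\equiv \mathsf{cut}(E, y.\mathsf{cut}_!(D, x.F_{xy}))\\
(\mathsf{cut}_!/-/\mathsf{cut}_!)_1 &: & \mathsf{cut}_!(D, x.\mathsf{cut}_!(E_x, y.F_y)) &\equiv \mathsf{cut}_!(\mathsf{cut}_!(D, x.E_x), y.F_y)\\
(\mathsf{cut}_!/-/\mathsf{cut}_!)_2 &: & \mathsf{cut}_!(D, x.\mathsf{cut}_!(E, y.F_{xy})) &\equiv \mathsf{cut}_!(E, x.\mathsf{cut}_!(D, y.F_{xy}))\\
(\mathsf{cut}_!/-/\mathsf{cut}_\#) &: & \mathsf{cut}_!(D, x.\mathsf{cut}_\#(E_x, y.F_{xy})) &\equiv \mathsf{cut}_\#(E_x, y.\mathsf{cut}_!(D, x.F_{xy}))\\
(\mathsf{cut}_\#/-/\mathsf{cut}_\#)_0 &: & \mathsf{cut}_\#(D, x.\mathsf{cut}_\#(E_x, y.F_{xy})) &\equiv \mathsf{cut}_\#(E_x, y.\mathsf{cut}_\#(D, x.F_{xy})) \quad (\text{if } y \notin FV(F))\\
(\mathsf{cut}_\#/-/-_0) &: & \mathsf{cut}_\#(D, x.E) &\equiv E \quad (\text{if } x \notin FN(E))
\end{aligned}$$

Commuting Conversions

$$\begin{aligned}
(\mathsf{cut}/-/1\mathsf{L}) &: & \mathsf{cut}(D, x.1\mathsf{L}(y, E_x)) &\equiv 1\mathsf{L}(y, \mathsf{cut}(D, x.E_x))\\
(\mathsf{cut}/-/{!}\mathsf{L}_!) &: & \mathsf{cut}(D, x.{!}\mathsf{L}_!(y.E_{xz})) &\equiv {!}\mathsf{L}_!(y.\mathsf{cut}(D, x.E_{xz}))\\
(\mathsf{cut}/-/{!}\mathsf{L}_\#) &: & \mathsf{cut}(D, x.{!}\mathsf{L}_\#(y.E_{xz})) &\equiv {!}\mathsf{L}_\#(y.\mathsf{cut}(D, x.E_{xz}))\\
(\mathsf{cut}/1\mathsf{L}/-) &: & \mathsf{cut}(1\mathsf{L}(y, D), x.E_x) &\equiv 1\mathsf{L}(y, \mathsf{cut}(D, x.E_x))\\
(\mathsf{cut}/{!}\mathsf{L}_!/-) &: & \mathsf{cut}({!}\mathsf{L}_!(y.D_z), x.E_{xz}) &\equiv {!}\mathsf{L}_!(y.\mathsf{cut}(D_z, x.E_{xz}))\\
(\mathsf{cut}/{!}\mathsf{L}_\#/-) &: & \mathsf{cut}({!}\mathsf{L}_\#(y.D_z), x.E_{xz}) &\equiv {!}\mathsf{L}_\#(y.\mathsf{cut}(D_z, x.E_{xz}))\\
(\mathsf{cut}_!/-/1\mathsf{L}) &: & \mathsf{cut}_!(D, x.1\mathsf{L}(y, E_x)) &\equiv 1\mathsf{L}(y, \mathsf{cut}_!(D, x.E_x))\\
(\mathsf{cut}_!/-/{!}\mathsf{L}_!) &: & \mathsf{cut}_!(D, x.{!}\mathsf{L}_!(y.E_{xz})) &\equiv {!}\mathsf{L}_!(y.\mathsf{cut}_!(D, x.E_{xz}))\\
(\mathsf{cut}_!/-/{!}\mathsf{L}_\#) &: & \mathsf{cut}_!(D, x.{!}\mathsf{L}_\#(y.E_{xz})) &\equiv {!}\mathsf{L}_\#(y.\mathsf{cut}_!(D, x.E_{xz}))\\
(\mathsf{cut}_\#/-/1\mathsf{L}) &: & \mathsf{cut}_\#(D, x.1\mathsf{L}(y, E_x)) &\equiv 1\mathsf{L}(y, \mathsf{cut}_\#(D, x.E_x))\\
(\mathsf{cut}_\#/-/{!}\mathsf{L}_!) &: & \mathsf{cut}_\#(D, x.{!}\mathsf{L}_!(y.E_{xz})) &\equiv {!}\mathsf{L}_!(y.\mathsf{cut}_\#(D, x.E_{xz}))\\
(\mathsf{cut}_\#/-/{!}\mathsf{L}_\#) &: & \mathsf{cut}_\#(D, x.{!}\mathsf{L}_\#(y.E_{xz})) &\equiv {!}\mathsf{L}_\#(y.\mathsf{cut}_\#(D, x.E_{xz}))
\end{aligned}$$

Figure 5: Equivalence rules
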
The following propositions state the correspondences between the proof terms manipulation rules 
described above and relations over processes: we omit the proofs, leaving to the reader the verifi- 
cation of each case. 

Proposition 1 Let $\Gamma;\Delta;\Theta \vdash D :: T$ and $\Phi;\Psi;\Xi \vdash E :: S$. If $D \Longrightarrow E$, then $D \to E$.

Proposition 2 Let $\Gamma;\Delta;\Theta \vdash D :: T$ and $\Phi;\Psi;\Xi \vdash E :: S$. If $D \longmapsto E$, then $D$ is equivalent to $E$ modulo structural congruence.

Proposition 3 Let $\Gamma;\Delta;\Theta \vdash D :: T$ and $\Phi;\Psi;\Xi \vdash E :: S$. If $D \equiv E$, then $D$ is equivalent to $E$ modulo structural congruence or strong bisimilarity.

Before proceeding to Subject Reduction, we give the following two lemmas, concerning structural properties of the type system: the first one states that in a proof derivation the multiplexor context can be weakened. The second says that in a proof derivation assumptions in the auxiliary context can be "lifted" to the multiplexor context, while the underlying process stays the same.

Lemma 2 (Weakening lemma) If $\Gamma;\Delta;\Theta \vdash D :: T$, then whenever $\Delta \subseteq \Phi$ it holds that $\Gamma;\Phi;\Theta \vdash D :: T$.

Proof. By a simple induction on the structure of $D$. □

Lemma 3 (Lifting lemma) If $\Gamma;\Delta;\Theta \vdash D :: T$ then there exists an $E$ such that $\emptyset;\Gamma,\Delta;\Theta \vdash E :: T$ where $E = D$. We denote $E$ by $D_{\Downarrow}$.

Proof. Again, a simple induction on the structure of the proof term $D$. □

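The following is a sort of generation lemma ($s(\alpha)$ denotes the subject of the action $\alpha$):

Lemma 4 Let $\Gamma;\Delta;\Theta \vdash D \rightsquigarrow P :: x : T$.

1. If $P \xrightarrow{\alpha} Q$ and $T = 1$ then $s(\alpha) \neq x$.

2. If $P \xrightarrow{\alpha} Q$ and $y : 1 \in \Theta$ then $s(\alpha) \neq y$.

3. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = x$ and $T = A \otimes B$ then $\alpha = (\nu y)x\langle y\rangle$.

4. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = y$ and $y : A \otimes B \in \Theta$ then $\alpha = y(z)$.

5. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = x$ and $T = A \multimap B$ then $\alpha = x(y)$.

6. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = y$ and $y : A \multimap B \in \Theta$ then $\alpha = (\nu z)y\langle z\rangle$.

7. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = x$ and $T = A \mathbin{\&} B$ then $\alpha = x.\mathsf{inl}$ or $\alpha = x.\mathsf{inr}$.

8. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = y$ and $y : A \mathbin{\&} B \in \Theta$ then $\alpha = y.\mathsf{inl}$ or $\alpha = y.\mathsf{inr}$.

9. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = x$ and $T = A \oplus B$ then $\alpha = x.\mathsf{inl}$ or $\alpha = x.\mathsf{inr}$.

10. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = y$ and $y : A \oplus B \in \Theta$ then $\alpha = y.\mathsf{inl}$ or $\alpha = y.\mathsf{inr}$.

11. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = x$ and $T = {!}A$ then $\alpha = x(y)$.

12. If $P \xrightarrow{\alpha} Q$ and $s(\alpha) = y$ and $y : {!}A \in \Theta$ or $y \in \Gamma$ or $y \in \Delta$ then $\alpha = (\nu z)y\langle z\rangle$.

Proof. Trivial from definitions. □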

Crucial to the proof of the Subject Reduction Theorem is an analysis of how processes interacting 
with their environments performing dual action can communicate when composed by a cut rule. 
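Lemma 5 Assume that:

1. $\Gamma_1;\Delta;\Theta_1 \vdash D :: x : A \otimes B$ with $D = P \xrightarrow{(\nu y)x\langle y\rangle} Q$;

2. $\Gamma_2;\Delta;\Theta_2, x : A \otimes B \vdash E :: z : C$ with $E = R \xrightarrow{x(y)} S$.

Then:

1. $\mathsf{cut}(D, x.E) \hookrightarrow\Longrightarrow\hookrightarrow F$ for some $F$;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash F :: z : C$, where $F = (\nu x)(Q \mid S)$.

Proof. By simultaneous induction on $D_1$, $D_2$. The property stated in the lemma holds also for the system πDILL (see [1]); since the proof technique is essentially the same modulo some minor details, we omit the proof. □

Lemma 6 Assume

1. $\Gamma_1;\Delta;\Theta_1 \vdash D_1 \rightsquigarrow P_1 :: x : A \multimap B$ with $P_1 \xrightarrow{x(y)} Q_1$

2. $\Gamma_2;\Delta;\Theta_2, x : A \multimap B \vdash D_2 \rightsquigarrow P_2 :: z : C$ with $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$

Then

1. $\mathsf{cut}(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)(\nu y)(Q_1 \mid Q_2)$.

Proof. See the proof of Lemma 5. □

Lemma 7 Assume

1. $\Gamma_1;\Delta;\Theta_1 \vdash D_1 \rightsquigarrow P_1 :: x : {!}A$ with $P_1 \xrightarrow{x(y)} Q_1$

2. $\Gamma_2;\Delta;\Theta_2, x : {!}A \vdash D_2 \rightsquigarrow P_2 :: z : C$ with $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$

Then

1. $\mathsf{cut}(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)(\nu y)(Q_1 \mid Q_2)$.

Proof. See the proof of Lemma 5. □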

Lemma 8 Assume 

1. Ti; A; 81 h Di -+ Pi :: a; : AkB with Pi ^^^^ Qi 



2. T2] A; 82, X : AkB h D2 -> P2 :: z : C with P2 ^^ Q2 
Then 

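1. $\mathsf{cut}(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)(Q_1 \mid Q_2)$.

Proof. See the proof of Lemma 5. □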

Lemma 9 Assume 

1. ri;A;8i h Di ^ Pi :: x : A® B with Pi ^^^Qi. 

2. r2;A;82,a; : A©Ph D2 -»P2 :: z : C with P2 ^^^ Q2. 
Then 

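1. $\mathsf{cut}(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Gamma_1,\Gamma_2;\Delta;\Theta_1,\Theta_2 \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)(Q_1 \mid Q_2)$.

Proof. See the proof of Lemma 5. □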

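Lemma 10 Assume

1. $\Gamma_1;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : A$

2. $\Gamma_2, x : A;\Delta;\Theta \vdash D_2 \rightsquigarrow P_2 :: z : C$ with $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$

Then

1. $\mathsf{cut}_!(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow \mathsf{cut}_\#(D_1, x.D)$ for some $D$ where $x \notin FV(D)$;

2. $\Gamma;\Phi;\Theta \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu y)(P_1 \mid Q_2)$, where $\Gamma,\Phi = \Gamma_1,\Gamma_2, x : A, \Delta$.

Proof. By induction on $D_2$. We have different cases, depending on the last rule of $D_2$. Let us just write down some relevant cases:

• Suppose $D_2 = \flat_!(x, y.E)$; then $P_2 = (\nu y)x\langle y\rangle.Q_2$ and $\Gamma_2, x : A;\Delta;\Theta \vdash E \rightsquigarrow Q_2 :: z : C$ by inversion. Now $\mathsf{cut}_!(D_1, x.\flat_!(x, y.E)) \Longrightarrow \mathsf{cut}(D_{1\Downarrow}, y.\mathsf{cut}_\#(D_1, x.E_{\Downarrow}))$ by $(\mathsf{cut}_!/-/\flat_!)$, $\equiv \mathsf{cut}_\#(D_1, x.\mathsf{cut}(D_{1\Downarrow}, y.E_{\Downarrow}))$ by $(\mathsf{cut}/-/\mathsf{cut}_\#)$. We pick $D = \mathsf{cut}(D_{1\Downarrow}, y.E_{\Downarrow})$; then $\Gamma;\Phi;\Theta \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu y)(P_1 \mid Q_2)$, where $\Gamma,\Phi = \Gamma_1,\Gamma_2, x : A, \Delta$.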

• Suppose D2 = cut#(Ei,y.E2); then A;0;0 h Ei -^ i?i :: w : C and T2,x : A; A; 6 h 

E2 ~^ R2 '■'■ z : B with P2 > Ri \ R2, by inversion. Now by induction hypothesis, 

cut!(Di,a;.E2) ^->-^^^-> cut^(Di, x.F) for some F (where x ^ FV{f)), and F; $; 82 h F ~^ 5 :: 
z : i? for some S = {vy){Pi \ R'2). cut!(Di, x.cut^(Ei, y.E2)) = cut#(Ei, y.cut!(Di, a;.E2)) by 
(cuti/ — /cut^), ^-!>^:^^-> cut#(Ei,y.cut^(Di,a:.F)) by congruence, = cut^(Di,x.cut^(Ei, y.F)) 
by (cut#/ - /cut#)o. Pick D = cut#(Ei,y.F). Then R = {vy)Ri \ S by cut, and T; $; 9 h 
D -^ R :: z : C ioT some R = {vy){Pi \ Q2). 
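This concludes the proof. □

Corollary 1 Assume

1. $\Gamma_1;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : A$

2. $\Gamma_2, x : A;\Delta;\Theta \vdash D_2 \rightsquigarrow P_2 :: z : C$ with $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$

Then

1. $\mathsf{cut}_!(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Gamma;\Phi;\Theta \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)({!}x(y).P_1 \mid (\nu y)(P_1 \mid Q_2))$, where $\Gamma,\Phi = \Gamma_1,\Gamma_2,\Delta$.

Proof. Follows from Lemma 10. □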

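Lemma 11 Assume

1. $\Delta;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : A$

2. $\Gamma;\Delta, x : A;\Theta \vdash D_2 \rightsquigarrow P_2 :: z : C$ with $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$

Then:

1. $\mathsf{cut}_\#(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow \mathsf{cut}_\#(D_1, x.D)$ for some $D$;

2. $\Phi;\Psi, x : A;\Theta \vdash D \rightsquigarrow R :: z : C$ for some $R = (\nu x)(\nu y)(P_1 \mid Q_2)$, where $\Phi,\Psi = \Gamma,\Delta$.

Proof. By induction on $D_2$. We have different cases, depending on the last rule of $D_2$. Let us just write down some relevant cases: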

• D2 = cut(Ei,y.E2). Assume F = Fi,F2 and 6 = 61,62. Now Fi;A,a; : A; 61 h Ei -^ i?i :: 
w : B and F2; A, a; : ^4; 6, w : B h E2 -^ i?2 :: ^ : C* by inversion. We have two cases:either 

P2 > Ri I it2 or P2 > iti I i?2- First case: cut#(Di,x.Ei) ^^^^^^ cut#(Di,a;.F) 

for some F; then Fi;A, a; : A;Qi h F ^^ S :: w : B ioi some S = (yy){P\ \ R[) by induc- 
tion hypothesis; cut^(Di,a;.cut(Ei,y.E2)) = cut(cut^(Di,a;.Ei),y.cut#(Di,a;.E2)) by (cut^/ — 
/cut), ^-7'^=>^-7' cut(cut#(Di,x.F),y.cut#(Di,x.E2)) by congruence = cut#(Di,a;.cut(F,y.E2)) 
by (cut#/ - /cut). Pick D = cut(F,y.E2); then R = {vy)S \ R2 by cut. Then F;A,a: : 
A]Q \- D -^ R :: z : C ior some R = {vy){Pi \ Q2)- Second case: cut^(Di,x.E2) ^-!>^=^M' 
cut^(Di,x.F) for some F; then F2;A, a; : A; 62 h F -w 5* :: ly : iJ for some 5* — {vy){Pi \ R'2) 
by induction hypothesis; cut#(Di, a;.cut(Ei, y.E2)) = cut(cut#(Di,a;.Ei),y.cut#(Di,a;.E2)) by 
(cut#/— /cut), ^^^==>^^ cut(cut#(Di, x.Ei), y.cut^(Di, a;.F)) by congruence, = cut#(Di, a;.cut#(Ei, y.F)) 
by (cut#/ - /cut). Pick D = cut#(Ei, y.F); then R = {vy)Ri \ S by cut. Then F; A, a; : A; 6 h 
D -^ i? :: z : C for some R = {vy){Pi \ Q2). 

• D2 = cut#(Ei,y.E2). A;0;0 h El w i?i :: -u; : B F;A,a; : A,u; : B;6 h E2 -> i?2 :: 2 : C by 

inversion. Now P2 > Ri \ R'2; cut#(Di,x.E2) ^^==>^^> cut#(Di,a;.F) for some F and 

T;A,x:A,w:B;Q\~f-^S::w:BioT some S = {vy){Pi \ R'2) by induction hypoth- 
esis. cut#(Di,a;.cut#(Ei,y.E2)) = cut#(Di,a;.cut#(Ei,y.cut#(Di,x.E2))) by (cut#/ - /cut#) 
^-!'^=^M> cut#(Di,a;.cut#(Ei,y.cut#(Di,a;.F))) by congruence, = cut^(Di,x.cut#(Ei,y.F)) by 
(cut#/ - /cut#). Pick D == cut#(Ei, y.F); then P2 = {i^v)Ri \ S by cut. Then F; A, a; : A; 6 h 
D -> i? :: z : C for some R = {vy){Pi | Q2). 

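This concludes the proof. □

Corollary 2 Assume

1. $\Delta;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : A$

2. $\Gamma; x : A,\Delta;\Theta \vdash D_2 \rightsquigarrow Q_1 :: z : C$ with $Q_1 \xrightarrow{(\nu y)x\langle y\rangle} Q_1'$

Then

1. $\mathsf{cut}_\#(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow D$ for some $D$;

2. $\Phi;\Psi;\Theta \vdash D \rightsquigarrow Q_2 :: z : C$ for some $Q_2 = (\nu x)({!}x(y).P_1 \mid (\nu y)(P_1 \mid Q_1'))$, where $\Phi,\Psi = \Gamma,\Delta$.

Proof. This follows from Lemma 11. □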

We are finally able to give a proof of Subject Reduction for πDSLL:

Proof (of Theorem 1). We reason by induction on the structure of $D$. Since $D = P \to Q$, the
only possible last rules of $D$ can be: $1\mathsf{L}$, ${!}\mathsf{L}_!$, ${!}\mathsf{L}_\#$, a linear cut ($\mathsf{cut}$) or an exponential cut ($\mathsf{cut}_!$ or
$\mathsf{cut}_\#$). In all the other cases, the underlying process can only perform a visible action, as can
be easily verified by inspecting the rules from Figure [TJ With this observation in mind, let us 
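inspect the operational semantics derivation proving that $P \to Q$. At some point we will find two subprocesses of $P$, call them $R$ and $S$, which communicate, causing an internal reduction. We here claim that this can only happen in presence of a cut, and that the communication between $R$ and $S$ must occur along the channel involved in the cut. Now, it's only a matter of showing that the just described situation can be "resolved" preserving types, and this can be done using the previous lemmas. Some relevant cases:

• $D = \mathsf{cut}_!(D_1, x.D_2)$; assume $\Gamma = \Gamma_1,\Gamma_2$ and $P = (\nu x)({!}x(w).P_1 \mid P_2)$. Now $\Gamma_1;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : C$ and $\Gamma_2, x : A;\Delta;\Theta \vdash D_2 \rightsquigarrow P_2 :: z : A$, by inversion; from $P \to Q$ either $P_2 \to Q_2$ and $Q = (\nu x)({!}x(w).P_1 \mid Q_2)$, or $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$ and $Q = (\nu x)({!}x(w).P_1 \mid (\nu y)(P_1 \mid Q_2))$.

First case: $\Gamma_2, x : A;\Delta;\Theta \vdash E_2 \rightsquigarrow Q_2 :: z : A$ for some $E_2$ with $D_2 \hookrightarrow\Longrightarrow\hookrightarrow E_2$ by i.h.; $\mathsf{cut}_!(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow \mathsf{cut}_!(D_1, x.E_2)$ by congruence. Pick $E = \mathsf{cut}_!(D_1, x.E_2)$; then $\Gamma;\Delta;\Theta \vdash E \rightsquigarrow Q :: z : A$ by $\mathsf{cut}_!$.

Second case: $\mathsf{cut}_!(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow E$ for some $E$; then $\Gamma;\Delta;\Theta \vdash E \rightsquigarrow R :: z : A$ for some $R = Q$ by Corollary 1.

• $D = \mathsf{cut}_\#(D_1, x.D_2)$. Now, $P = (\nu x)({!}x(w).P_1 \mid P_2)$ and $\Delta;\emptyset;\emptyset \vdash D_1 \rightsquigarrow P_1 :: x : C$, $\Gamma;\Delta, x : A;\Theta \vdash D_2 \rightsquigarrow P_2 :: z : A$, by inversion; from $P \to Q$ either $P_2 \to Q_2$ and $Q = (\nu x)({!}x(w).P_1 \mid Q_2)$, or $P_2 \xrightarrow{(\nu y)x\langle y\rangle} Q_2$ and $Q = (\nu x)({!}x(w).P_1 \mid (\nu y)(P_1 \mid Q_2))$.

First case: $\Gamma;\Delta, x : A;\Theta \vdash E_2 \rightsquigarrow Q_2 :: z : A$ for some $E_2$ with $D_2 \hookrightarrow\Longrightarrow\hookrightarrow E_2$ by i.h. and $\mathsf{cut}_\#(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow \mathsf{cut}_\#(D_1, x.E_2)$ by congruence. Pick $E = \mathsf{cut}_\#(D_1, x.E_2)$; then $\Gamma;\Delta;\Theta \vdash E \rightsquigarrow Q :: z : A$ by $\mathsf{cut}_\#$.

Second case: $\mathsf{cut}_\#(D_1, x.D_2) \hookrightarrow\Longrightarrow\hookrightarrow E$ for some $E$; then $\Gamma;\Delta;\Theta \vdash E \rightsquigarrow R :: z : A$ for some $R = Q$ by Corollary 2.

This concludes the proof. □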

5 Proving Polynomial Bounds 

In this section, we prove the main result of this paper, namely some polynomial bounds on the length of internal reduction sequences and on the size of intermediate results for processes typable in πDILL. In other words, interaction will be shown to be bounded. The simplest formulation of this result is the following:

Theorem 2 For every type $A$, there is a polynomial $p_A$ such that whenever $\emptyset;\emptyset; x : A \vdash D :: y : 1$ and $\emptyset;\emptyset;\emptyset \vdash E :: x : A$ where $D$ and $E$ are normal and $(\nu x)(D \mid E) \to^n P$, it holds that $n, |P| \leq p_A(|D| + |E|)$.

Intuitively, what Theorem 2 says is that the complexity of the interaction between two processes typable without cuts and communicating through a channel with session type $A$ is polynomial in their sizes, where the specific polynomial involved only depends on $A$ itself. In other words, the complexity of the interaction is not only bounded, but can be somehow "read off" from the types of the communicating parties.

What does the proof of Theorem 2 look like? Conceptually, it can be thought of as being structured into four steps:

1. First of all, a natural number $\mathbb{W}(D)$ is attributed to any proof term $D$. $\mathbb{W}(D)$ is said to be the weight of $D$.

2. Secondly, the weight of any proof term is shown to strictly decrease along computational reduction, not to increase along shifting reduction and to stay the same for equivalent proof terms.

3. Thirdly, $\mathbb{W}(D)$ is shown to be bounded by a polynomial on $|D|$, where the exponent only depends on the nesting depth of boxes of $D$, denoted $\mathbb{B}(D)$.

4. Finally, the box depth $\mathbb{B}(D)$ of any proof term $D$ is shown to be "readable" from its type interface.

This is exactly what we are going to do in the rest of this section. Please observe how points 1–3 above allow us to prove the following stronger result, from which Theorem 2 easily follows, given point 4:

Proposition 4 For every $n \in \mathbb{N}$, there is a polynomial $p_n$ such that for every process $P$ with $\Gamma;\Delta;\Theta \vdash P :: T$, if $P \to^m Q$, then $m, |Q| \leq p_{\mathbb{B}(P)}(|P|)$.



5.1 Preliminary Definitions 

Some concepts have to be given before we can embark on the proof of Proposition 4. First of all, we need to define what the box-depth of a process and of a proof term are. Simply, given a process $P$, its box-depth $\mathbb{B}(P)$ is the nesting-level of replications in $P$. As an example, the box-depth of ${!}x(y).{!}z(w).0$ is 2, while the one of $(\nu x)y(z)$ is 0.

Formally, given a proof term D its box depth B(D) is defined as follows, by induction on the 
structure of D: 



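$$\begin{aligned}
\mathbb{B}(1\mathsf{L}(x, D)) &= \mathbb{B}(D)\\
\mathbb{B}(1\mathsf{R}) &= 0\\
\mathbb{B}(\otimes\mathsf{L}(x, y.z.D)) &= \mathbb{B}(D)\\
\mathbb{B}(\otimes\mathsf{R}(D, E)) &= \max\{\mathbb{B}(D), \mathbb{B}(E)\}\\
\mathbb{B}(\multimap\mathsf{L}(x, D, y.E)) &= \max\{\mathbb{B}(D), \mathbb{B}(E)\}\\
\mathbb{B}(\multimap\mathsf{R}(x.D)) &= \mathbb{B}(D)\\
\mathbb{B}(\&\mathsf{L}_1(x, y.D)) &= \mathbb{B}(D)\\
\mathbb{B}(\&\mathsf{L}_2(x, y.D)) &= \mathbb{B}(D)\\
\mathbb{B}(\&\mathsf{R}(D, E)) &= \max\{\mathbb{B}(D), \mathbb{B}(E)\}\\
\mathbb{B}(\oplus\mathsf{L}(x, y.D, z.E)) &= \max\{\mathbb{B}(D), \mathbb{B}(E)\}\\
\mathbb{B}(\oplus\mathsf{R}_1(D)) &= \mathbb{B}(D)\\
\mathbb{B}(\oplus\mathsf{R}_2(D)) &= \mathbb{B}(D)\\
\mathbb{B}(\flat_!(x, y.D)) &= \mathbb{B}(D)\\
\mathbb{B}(\flat_\#(x, y.D)) &= \mathbb{B}(D)\\
\mathbb{B}({!}\mathsf{L}_!(x.D)) &= \mathbb{B}(D)\\
\mathbb{B}({!}\mathsf{L}_\#(x.D)) &= \mathbb{B}(D)\\
\mathbb{B}({!}\mathsf{R}(x_1, \ldots, x_n, D)) &= 1 + \mathbb{B}(D)\\
\mathbb{B}(\mathsf{cut}(D, x.E)) &= \max\{\mathbb{B}(D), \mathbb{B}(E)\}\\
\mathbb{B}(\mathsf{cut}_!(D, x.E)) &= \max\{\mathbb{B}(D) + 1, \mathbb{B}(E)\}\\
\mathbb{B}(\mathsf{cut}_\#(D, x.E)) &= \max\{\mathbb{B}(D) + 1, \mathbb{B}(E)\}
\end{aligned}$$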

Analogously, the box-depth of a proof term D is simply B(D). 

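Now, suppose that $\Gamma;\Delta;\Theta \vdash D :: T$ and that $x : A$ belongs to either $\Gamma$ or $\Delta$, i.e. that $x$ is an "exponential" channel in $D$. A key parameter is the virtual number of occurrences of $x$ in $D$, which is denoted as $\mathbb{FO}(x, D)$. This parameter, as its name suggests, is not simply the number of literal occurrences of $x$ in $D$, but takes into account possible duplications derived from cuts. So, for example, $\mathbb{FO}(w, \mathsf{cut}_!(D, x.E)) = \mathbb{FO}(x, E) \cdot \mathbb{FO}(w, D) + \mathbb{FO}(w, E)$, while $\mathbb{FO}(w, \otimes\mathsf{R}(D, E))$ is merely $\mathbb{FO}(w, D) + \mathbb{FO}(w, E)$. Obviously, $\mathbb{FO}(w, \flat_!(x, w.D)) = 1$ and $\mathbb{FO}(w, \flat_\#(x, w.D)) = 1$. Formally:

$$\begin{aligned}
\mathbb{FO}(w, 1\mathsf{L}(x, D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, 1\mathsf{R}) &= 0\\
\mathbb{FO}(w, \otimes\mathsf{L}(x, y.z.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \otimes\mathsf{R}(D, E)) &= \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \multimap\mathsf{L}(x, D, y.E)) &= \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \multimap\mathsf{R}(x.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \mathsf{cut}(D, x.E)) &= \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \mathsf{cut}_!(D, x.E)) &= \mathbb{FO}(x, E) \cdot \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \mathsf{cut}_\#(D, x.E)) &= \mathbb{FO}(x, E) \cdot \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \flat_!(x, w.D)) &= 1\\
\mathbb{FO}(w, \flat_\#(x, w.D)) &= 1\\
\mathbb{FO}(w, \flat_!(x, y.D)) &= 0\\
\mathbb{FO}(w, \flat_\#(x, y.D)) &= 0\\
\mathbb{FO}(w, {!}\mathsf{L}_!(x.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, {!}\mathsf{L}_\#(x.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, {!}\mathsf{R}(x_1, \ldots, x_n, D)) &= 0\\
\mathbb{FO}(w, \oplus\mathsf{L}(x, y.D, z.E)) &= \mathbb{FO}(w, D) + \mathbb{FO}(w, E)\\
\mathbb{FO}(w, \oplus\mathsf{R}_1(D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \oplus\mathsf{R}_2(D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \&\mathsf{L}_1(x, y.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \&\mathsf{L}_2(x, y.D)) &= \mathbb{FO}(w, D)\\
\mathbb{FO}(w, \&\mathsf{R}(D, E)) &= \mathbb{FO}(w, D) + \mathbb{FO}(w, E)
\end{aligned}$$

Footnote: This terminology is derived from linear logic, where proofs obtained by the promotion rule are usually called boxes.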



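A channel in either the auxiliary or the exponential context can "float" to the linear context as an effect of rules ${!}\mathsf{L}_!$ or ${!}\mathsf{L}_\#$. From that moment on, it can only be treated as a linear channel. As a consequence, it makes sense to define the duplicability factor of a proof term $D$, written $\mathbb{D}(D)$, simply as the maximum of $\mathbb{FO}(x, D)$ over all instances of the rules ${!}\mathsf{L}_!$ or ${!}\mathsf{L}_\#$ in $D$, where $x$ is the involved channel. For example, $\mathbb{D}({!}\mathsf{L}_!(x.D)) = \max\{\mathbb{D}(D), \mathbb{FO}(y, D)\}$ and $\mathbb{D}(\multimap\mathsf{L}(x, D, y.E)) = \max\{\mathbb{D}(D), \mathbb{D}(E)\}$. Formally, the duplicability factor $\mathbb{D}(D)$ of $D$ is defined as follows:

$$\begin{aligned}
\mathbb{D}(1\mathsf{L}(x, D)) &= \mathbb{D}(D)\\
\mathbb{D}(1\mathsf{R}) &= \\
\mathbb{D}(\otimes\mathsf{L}(x, y.z.D)) &= \mathbb{D}(D)\\
\mathbb{D}(\otimes\mathsf{R}(D, E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\multimap\mathsf{L}(x, D, y.E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\multimap\mathsf{R}(x.D)) &= \mathbb{D}(D)\\
\mathbb{D}(\&\mathsf{L}_1(x, y.D)) &= \mathbb{D}(D)\\
\mathbb{D}(\&\mathsf{L}_2(x, y.D)) &= \mathbb{D}(D)\\
\mathbb{D}(\&\mathsf{R}(D, E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\oplus\mathsf{L}(x, y.D, z.E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\oplus\mathsf{R}_1(D)) &= \mathbb{D}(D)\\
\mathbb{D}(\oplus\mathsf{R}_2(D)) &= \mathbb{D}(D)\\
\mathbb{D}(\flat_!(x, y.D)) &= \mathbb{D}(D)\\
\mathbb{D}(\flat_\#(x, y.D)) &= \mathbb{D}(D)\\
\mathbb{D}({!}\mathsf{L}_!(x.D)) &= \max\{\mathbb{D}(D), \mathbb{FO}(y, D)\}\\
\mathbb{D}({!}\mathsf{L}_\#(x.D)) &= \max\{\mathbb{D}(D), \mathbb{FO}(y, D)\}\\
\mathbb{D}({!}\mathsf{R}(x_1, \ldots, x_n, D)) &= \mathbb{D}(D)\\
\mathbb{D}(\mathsf{cut}(D, x.E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\mathsf{cut}_!(D, x.E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}\\
\mathbb{D}(\mathsf{cut}_\#(D, x.E)) &= \max\{\mathbb{D}(D), \mathbb{D}(E)\}
\end{aligned}$$

It's now possible to give the definition of $\mathbb{W}(D)$, namely the weight of the proof term $D$. Before doing that, however, it is necessary to give a parameterized notion of weight, denoted $\mathbb{W}_n(D)$. Intuitively, $\mathbb{W}_n(D)$ is defined similarly to $|D|$. However, every input and output action in $D$ can possibly count for more than one:

• Everything inside $D$ in ${!}\mathsf{R}(x_1, \ldots, x_n, D)$ counts for $n$;

• Everything inside $D$ in either $\mathsf{cut}_!(D, x.E)$ or $\mathsf{cut}_\#(D, x.E)$ counts for $\mathbb{FO}(x, E)$.

For example, $\mathbb{W}_n(\mathsf{cut}_\#(D, x.E)) = \mathbb{FO}(x, E) \cdot \mathbb{W}_n(D) + \mathbb{W}_n(E)$, while $\mathbb{W}_n(\&\mathsf{L}_1(x, y.D)) = 1 + \mathbb{W}_n(D)$. Formally:

$$\begin{aligned}
\mathbb{W}_n(1\mathsf{L}(x, D)) &= \mathbb{W}_n(D)\\
\mathbb{W}_n(1\mathsf{R}) &= \\
\mathbb{W}_n(\otimes\mathsf{L}(x, y.z.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\otimes\mathsf{R}(D, E)) &= 1 + \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\multimap\mathsf{L}(x, D, y.E)) &= 1 + \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\multimap\mathsf{R}(x.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\mathsf{cut}(D, x.E)) &= \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\mathsf{cut}_!(D, x.E)) &= \mathbb{FO}(x, E) \cdot \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\mathsf{cut}_\#(D, x.E)) &= \mathbb{FO}(x, E) \cdot \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\flat_!(x, y.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\flat_\#(x, y.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n({!}\mathsf{L}_!(x.D)) &= \mathbb{W}_n(D)\\
\mathbb{W}_n({!}\mathsf{L}_\#(x.D)) &= \mathbb{W}_n(D)\\
\mathbb{W}_n({!}\mathsf{R}(x_1, \ldots, x_n, D)) &= n \cdot (\mathbb{W}_n(D) + 1)\\
\mathbb{W}_n(\oplus\mathsf{L}(x, y.D, z.E)) &= 1 + \mathbb{W}_n(D) + \mathbb{W}_n(E)\\
\mathbb{W}_n(\oplus\mathsf{R}_1(D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\oplus\mathsf{R}_2(D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\&\mathsf{L}_1(x, y.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\&\mathsf{L}_2(x, y.D)) &= 1 + \mathbb{W}_n(D)\\
\mathbb{W}_n(\&\mathsf{R}(D, E)) &= 1 + \mathbb{W}_n(D) + \mathbb{W}_n(E)
\end{aligned}$$

$\mathbb{W}(D)$ is simply $\mathbb{W}_{\mathbb{D}(D)}(D)$.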



5.2 Monotonicity Results 

The crucial ingredients for proving polynomial bounds are a series of results about how the weight of $D$ evolves when $D$ is put in relation with another proof term $E$ by way of either $\Longrightarrow$, $\longmapsto$ or $\equiv$.

Lemma 12 For every $D$, $\mathbb{D}(D) = \mathbb{D}(D_{\Downarrow})$ and for every $n$, $\mathbb{W}_n(D) = \mathbb{W}_n(D_{\Downarrow})$.

Whenever a proof term $D$ computationally reduces to $E$, the underlying weight is guaranteed to strictly decrease:

Proposition 5 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \Longrightarrow E$, then $\Phi;\Psi;\Theta \vdash E :: T$ (where $\Gamma,\Delta = \Phi,\Psi$), $\mathbb{D}(E) \leq \mathbb{D}(D)$ and $\mathbb{W}(E) < \mathbb{W}(D)$.

Proof. By induction on the proof that $D \Longrightarrow E$. Some interesting cases:
• Suppose that D = cut(^ R(y-F), x. -o l{x, G, a;.H)) =^ cut(cut(G, y.f), x.H) == E. Then, 



©(D) = max{©(F),©(G),©(H)} = ©(E); 
W(D) = Wd(d)(D) = 3 + Wd(d)(F) + Wd(d) 



(G) 



>2 



J(E) 



(F) 



J(E)(G) 



%D)(H) 

XE)(H)=Wd(e)(E)=^ 
• Suppose that D = cut(&:R(F,G), x.&Li(a;,y.H)) =^cut(F, x.H) = E. Then, 

©(D) = max{©(F),©(G),©(H)} = ©(E); 
W(D) = Wd(d)(D) = 3 + Wd(d)(F) + Wd(d)(G) + Wd(d)(H) 



>2 + Wd(e)(F)+Wd(e)(G)+' 



J(E 



.(H) 



J(E 



.(E) 
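• Suppose that $D = \mathsf{cut}_!(F, x.\flat_!(x, y.G)) \Longrightarrow \mathsf{cut}(F_{\Downarrow}, y.\mathsf{cut}_\#(F, x.G_{\Downarrow})) = E$. Then,

$$\begin{aligned}
\mathbb{D}(D) &= \max\{\mathbb{D}(F_{\Downarrow}), \mathbb{D}(G_{\Downarrow})\} = \max\{\mathbb{D}(F), \mathbb{D}(F), \mathbb{D}(G)\} = \mathbb{D}(E);\\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{FO}(x, \flat_!(x, y.G)) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(\flat_!(x, y.G))\\
&= \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(\flat_!(x, y.G)) = \mathbb{W}_{\mathbb{D}(D)}(F) + 1 + \mathbb{W}_{\mathbb{D}(D)}(G)\\
&\geq \mathbb{W}_{\mathbb{D}(E)}(F) + 1 + \mathbb{W}_{\mathbb{D}(E)}(G)\\
&> \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G) = \mathbb{W}_{\mathbb{D}(E)}(F) + 0 \cdot \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G)\\
&= \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{FO}(x, G) \cdot \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G)\\
&= \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{aligned}$$

• Suppose that

$D = \mathsf{cut}_\#(F, x.\flat_\#(x, y.G)) \Longrightarrow \mathsf{cut}(F_{\Downarrow}, y.\mathsf{cut}_\#(F, x.G)) = E$.

Then we can proceed exactly as in the previous case.

This concludes the proof. □

Shift reduction, on the other hand, is not guaranteed to induce a strict decrease on the underlying weight which, however, cannot increase:

Proposition 6 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \longmapsto E$, then $\Gamma;\Delta;\Theta \vdash E :: T$, $\mathbb{D}(E) \leq \mathbb{D}(D)$ and $\mathbb{W}(E) \leq \mathbb{W}(D)$.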

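Proof. By induction on the proof that $D \longmapsto E$. Some interesting cases:

• Suppose that

$D = \mathsf{cut}({!}\mathsf{R}(x_1, \ldots, x_n, F), x.{!}\mathsf{L}_!(x.G)) \longmapsto {!}\mathsf{L}_!(x_1.{!}\mathsf{L}_!(x_2. \ldots {!}\mathsf{L}_!(x_n.\mathsf{cut}_!(F, y.G)))) = E$.

Then,

$$\begin{aligned}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G)\} = \mathbb{D}(E)\\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{D}(D) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G) \geq \mathbb{FO}(y, G) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G)\\
&= \mathbb{FO}(y, G) \cdot \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{aligned}$$

• Suppose that

$D = \mathsf{cut}({!}\mathsf{R}(x_1, \ldots, x_n, F), x.{!}\mathsf{L}_\#(x.G)) \longmapsto {!}\mathsf{L}_\#(x_1.{!}\mathsf{L}_\#(x_2. \ldots {!}\mathsf{L}_\#(x_n.\mathsf{cut}_\#(F, y.G)))) = E$.

Then we can proceed as in the previous case.

This concludes the proof. □

Finally, equivalence leaves the weight unchanged:

Proposition 7 If $\Gamma;\Delta;\Theta \vdash D :: T$ and $D \equiv E$, then $\Gamma;\Delta;\Theta \vdash E :: T$, $\mathbb{D}(E) = \mathbb{D}(D)$ and $\mathbb{W}(E) = \mathbb{W}(D)$.

Proof. By induction on the proof that $D \equiv E$. Some interesting cases:

• Suppose that

$D = \mathsf{cut}(F, x.\mathsf{cut}(G_x, y.H_y)) \equiv \mathsf{cut}(\mathsf{cut}(F, x.G_x), y.H_y) = E$.

Then:

$$\begin{aligned}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G_x), \mathbb{D}(H_y)\} = \mathbb{D}(E)\\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_y)\\
&= \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{W}_{\mathbb{D}(E)}(G_x) + \mathbb{W}_{\mathbb{D}(E)}(H_y) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{aligned}$$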
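• Suppose that

$D = \mathsf{cut}(F, x.\mathsf{cut}(G, y.H_{xy})) \equiv \mathsf{cut}(G, x.\mathsf{cut}(F, y.H_{xy})) = E$.

Then we can proceed as in the previous case.

• Suppose that

$D = \mathsf{cut}(F, x.\mathsf{cut}_!(G, y.H_{xy})) \equiv \mathsf{cut}_!(G, y.\mathsf{cut}(F, x.H_{xy})) = E$.

Then, since $\mathbb{FO}(y, F) = 0$,

$$\begin{aligned}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G), \mathbb{D}(H_{xy})\} = \mathbb{D}(E)\\
\mathbb{W}(D) &= \mathbb{W}_{\mathbb{D}(D)}(D) = \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(y, H_{xy}) \cdot \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy})\\
&= \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(y, \mathsf{cut}(F, x.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(G) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy})\\
&= \mathbb{W}_{\mathbb{D}(E)}(F) + \mathbb{FO}(y, \mathsf{cut}(F, x.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(E)}(G) + \mathbb{W}_{\mathbb{D}(E)}(H_{xy})\\
&= \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{aligned}$$

• Suppose that

$D = \mathsf{cut}_\#(F, x.\mathsf{cut}(G_x, y.H_{xy})) \equiv \mathsf{cut}(\mathsf{cut}_\#(F, x.G_x), y.\mathsf{cut}_\#(F, x.H_{xy})) = E$.

Then,

$$\begin{aligned}
\mathbb{D}(D) &= \max\{\mathbb{D}(F), \mathbb{D}(G_x), \mathbb{D}(H_{xy})\} = \mathbb{D}(E)\\
\mathbb{W}(D) &= \mathbb{FO}(x, \mathsf{cut}(G_x, y.H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy})\\
&= (\mathbb{FO}(x, G_x) + \mathbb{FO}(x, H_{xy})) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy})\\
&= \mathbb{FO}(x, G_x) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{FO}(x, H_{xy}) \cdot \mathbb{W}_{\mathbb{D}(D)}(F) + \mathbb{W}_{\mathbb{D}(D)}(G_x) + \mathbb{W}_{\mathbb{D}(D)}(H_{xy})\\
&= \mathbb{W}_{\mathbb{D}(D)}(\mathsf{cut}_\#(F, x.G_x)) + \mathbb{W}_{\mathbb{D}(D)}(\mathsf{cut}_\#(F, x.H_{xy}))\\
&= \mathbb{W}_{\mathbb{D}(D)}(E) = \mathbb{W}_{\mathbb{D}(E)}(E) = \mathbb{W}(E).
\end{aligned}$$

This concludes the proof. □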
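The three monotonicity statements above (computational reduction, shift reduction, equivalence) can be checked mechanically on small terms; the following Python sketch is an added example, not code from the paper. Its assumptions: the tuple encoding of proof terms, the explicit exponential name `y` in `!L!`/`!L#`, a box `!R` written without its context channels, the value 0 for the weight and duplicability factor of `1R`, and a lifted term treated as the term itself (Lemma 12). FO on the flat rules follows the usage in the proof of Proposition 5, where the first argument of the flat rule is the exponential channel.

```python
# Added example: FO, duplicability factor and weight on a fragment of the
# proof-term language. Terms are tuples (constructed encoding, an assumption):
#   ("1R",)            ("tensorR", D, E)      ("!R", D)   box, context omitted
#   ("cut", D, x, E)   ("cut!", D, x, E)      ("cut#", D, x, E)
#   ("b!", x, y, D)    ("b#", x, y, D)        x = exponential channel used
#   ("!L!", x, y, D)   ("!L#", x, y, D)       y = exponential name inside D
# Bound names are assumed pairwise distinct.
CUTS_EXP = ("cut!", "cut#")
FLATS = ("b!", "b#")
DERELICTS = ("!L!", "!L#")


def fo(w, t):
    """Virtual number of occurrences of the exponential channel w in t."""
    tag = t[0]
    if tag in ("1R", "!R"):
        return 0
    if tag == "tensorR":
        return fo(w, t[1]) + fo(w, t[2])
    if tag == "cut":
        return fo(w, t[1]) + fo(w, t[3])
    if tag in CUTS_EXP:  # each virtual use of x in E pulls in a copy of D
        _, d, x, e = t
        return fo(x, e) * fo(w, d) + fo(w, e)
    if tag in FLATS:
        return 1 if t[1] == w else 0
    if tag in DERELICTS:
        return fo(w, t[3])
    raise ValueError(f"unknown constructor {tag!r}")


def dup(t):
    """Duplicability factor: max FO of a channel released by !L! or !L#."""
    tag = t[0]
    if tag == "1R":
        return 0  # assumption: value not legible on the page
    if tag == "tensorR":
        return max(dup(t[1]), dup(t[2]))
    if tag == "cut" or tag in CUTS_EXP:
        return max(dup(t[1]), dup(t[3]))
    if tag in FLATS:
        return dup(t[3])
    if tag in DERELICTS:
        return max(dup(t[3]), fo(t[2], t[3]))
    if tag == "!R":
        return dup(t[1])
    raise ValueError(f"unknown constructor {tag!r}")


def w_n(n, t):
    """Parameterised weight: a box counts n times, a cut! or cut# FO times."""
    tag = t[0]
    if tag == "1R":
        return 0  # assumption: value not legible on the page
    if tag == "tensorR":
        return 1 + w_n(n, t[1]) + w_n(n, t[2])
    if tag == "cut":
        return w_n(n, t[1]) + w_n(n, t[3])
    if tag in CUTS_EXP:
        return fo(t[2], t[3]) * w_n(n, t[1]) + w_n(n, t[3])
    if tag in FLATS:
        return 1 + w_n(n, t[3])
    if tag in DERELICTS:
        return w_n(n, t[3])
    if tag == "!R":
        return n * (w_n(n, t[1]) + 1)
    raise ValueError(f"unknown constructor {tag!r}")


def weight(t):
    return w_n(dup(t), t)


ONE = ("1R",)
F = ("tensorR", ONE, ONE)  # constructed server body, weight 1


def computational_step():
    """cut!(F, x.b!(x, y.G)) ==> cut(F, y.cut#(F, x.G)): strict decrease."""
    g = ("tensorR", ONE, ONE)
    before = ("cut!", F, "x", ("b!", "x", "y", g))
    after = ("cut", F, "y", ("cut#", F, "x", g))
    return weight(before), weight(after)


def shift_step():
    """cut(!R(F), x.!L!(x.G)) |-> cut!(F, y.G): weight does not increase."""
    g = ("b!", "y", "z", ONE)
    before = ("cut", ("!R", F), "x", ("!L!", "x", "y", g))
    after = ("cut!", F, "y", g)
    return dup(before), weight(before), dup(after), weight(after)


def equivalence_step():
    """(cut#/-/cut): duplicating F over a linear cut keeps the weight."""
    g = ("b#", "x", "a", ONE)
    h = ("b#", "x", "b", ONE)
    lhs = ("cut#", F, "x", ("cut", g, "y", h))
    rhs = ("cut", ("cut#", F, "x", g), "y", ("cut#", F, "x", h))
    return weight(lhs), weight(rhs)


if __name__ == "__main__":
    print(computational_step(), shift_step(), equivalence_step())
```

In the equivalence case the server `F` occurs once on the left and twice on the right, yet both sides weigh the same, because FO already charges `F` once per virtual use of `x`.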

Now, consider again the subject reduction theorem (Theorem 1); what it guarantees is that whenever $P \to Q$ and $D = P$, there is $E$ with $E = Q$ and $D \hookrightarrow\Longrightarrow\hookrightarrow E$. In view of the three propositions we have just stated and proved, it's clear that $\mathbb{W}(D) > \mathbb{W}(E)$. Altogether, this implies that $\mathbb{W}(D)$ is an upper bound on the number of internal reduction steps $D$ can perform. But is $\mathbb{W}(D)$ itself bounded?

5.3 Bounding the Weight 

What kind of bounds can we expect to prove for W(D)? More specifically, how related are W(D) 
and |D|? 

Lemma 13 Suppose $\Gamma;\Delta;\Theta \vdash D :: T$. Then

1. If $x \in \Gamma$, then $\mathbb{FO}(x, D) \leq 1$;

2. If $x \in \Delta$, then $\mathbb{FO}(x, D) \leq |D|$;

3. If $x \in \Theta$, then $\mathbb{FO}(x, D) = 0$.

Proof. By induction on the structure of a type derivation tt for F; A; h D :: T. Some interesting 
cases: 

• If TT is 

pi : Fi; A; Gi h Di :: z : A p2 : T2; A; 62 h D2 :: y : 5 

Ti,r2;A;Qi,Q2^<E}R{Di,D2)::y:A^B 
then



• If TT is 



then: 



x,®R(Di,D2)) =FO(x, Di) < 1 ifxeTi 

a:,®R(Di,D2)) =FO(x, D2) < 1 if a; G r2 
X, ®R(Di, D2)) = FO(x, Di) + FO(a;, Di) 

< ID1I + ID2I < |®R(Di,D2)| ifxeA 

a;,(8)R(Di,D2)) =FO(a;, Di) =0 if a; G 61 

a;,(8)R(Di,D2)) =FO(x, D2) =0 if a; G 62 



ri;0;0h0:: Diz: A T2]Ti,y: A;^ h D2 :: T ^ 
r2;ri;ehcut#(Di,2/.D2)::T 

FO(a;, cut#(Di, 2/.D2)) = FO(y, D2) ■ FO(x, Di) + FO(a;, D2) 

<|D2|-l + |Di|< |cut#(Di,y.E2)| if x G Ti 

FO(a;, cut#(Di, J/.D2)) = FO(y, D2) ■ FO(x, Di) + FO(a;, D2) 

<|D2| -0+1 = 1 ifa;Gr2 

FO(a;, cut#(Di, y.E2)) = ¥0{y, D2) • FO(a;, Di) + FO(a;, D2) 

<|D2| -0+1 = 1 if a; GO 



ri;0;0h0::Diz:yl r2;A;9hD2::r ^^^ 
r2;A;ehcut,,(Di,2/.D2)::T 
then: 

FO(a:, cut™(Di, J/.D2)) = FO(y, D2) • FO(a;, Di) + FO(a;, D2) 

<0-l + = ifa;Gri 

FO(a;, cut^(Di, y.D2)) = F(D)(y, D2) • FO(a;, Di) + FO(x, D2) 

<0-0+l = l ifa;Gr2 

FO(a;, cut,„(Di, y.E2)) = FO(y, D2) • FO(a;, Di) + FO(x, D2) 

<0-0+|D2| < |cut#(Di,y.E2)| if a; G A 

FO(a;, cutu,(Di, y.E2)) = FO(y, D2) • FO(a;, Di) + FO(a:, D2) 

<0-0+l = l ifa;Ge 

This concludes the proof. □ 

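Lemma 14 Suppose $\Gamma;\Delta;\Theta \vdash D :: T$. Then $\mathbb{D}(D) \leq |D|$.

Proof. An easy induction on the structure of a type derivation $\pi$ for $\Gamma;\Delta;\Theta \vdash D :: T$. Some interesting cases:

$$\frac{\Gamma_1;\emptyset;\emptyset \vdash D_1 :: z : A \qquad \Gamma_2;\Delta, y : A;\Theta \vdash D_2 :: T}{\Gamma_2;\Delta,\Gamma_1;\Theta \vdash \mathsf{cut}_\#(D_1, y.D_2) :: T}\ \mathsf{cut}_\#$$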
then, by Lemma [T51 and by induction hypothesis: 

$$\begin{aligned}
\mathbb{D}(\mathsf{cut}_\#(D_1, y.D_2)) &= \max\{\mathbb{D}(D_1), \mathbb{D}(D_2)\}\\
&\leq \max\{|D_1|, |D_2|\}\\
&\leq |\mathsf{cut}_\#(D_1, y.D_2)|
\end{aligned}$$

This concludes the proof. □

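Lemma 15 If $\Gamma;\Delta;\Theta \vdash D :: T$, then for every $n \geq \mathbb{D}(D)$, $\mathbb{W}_n(D) \leq |D| \cdot n^{\mathbb{B}(D)+1}$.

Proof. By induction on the structure of $D$. Some interesting cases:

• If $D = \otimes\mathsf{R}(E, F)$, then:

$$\begin{aligned}
\mathbb{W}_n(\otimes\mathsf{R}(E, F)) &= 1 + \mathbb{W}_n(E) + \mathbb{W}_n(F)\\
&\leq 1 + (|E| + |F|) \cdot n^{\max\{\mathbb{B}(E)+1, \mathbb{B}(F)+1\}}\\
&\leq (1 + |E| + |F|) \cdot n^{\max\{\mathbb{B}(E)+1, \mathbb{B}(F)+1\}}\\
&\leq |\otimes\mathsf{R}(E, F)| \cdot n^{\mathbb{B}(\otimes\mathsf{R}(E, F))+1}
\end{aligned}$$

• If $D = \mathsf{cut}_!(D, x.E)$, then:

$$\begin{aligned}
\mathbb{W}_n(\mathsf{cut}_!(D, x.E)) &= \mathbb{FO}(x, E) \cdot (\mathbb{W}_n(D) + 1) + \mathbb{W}_n(E)\\
&\leq \mathbb{FO}(x, E) \cdot (|D| \cdot n^{\mathbb{B}(D)+1} + 1) + |E| \cdot n^{\mathbb{B}(E)+1}\\
&\leq n \cdot |D| \cdot n^{\mathbb{B}(D)+1} + n + |E| \cdot n^{\mathbb{B}(E)+1}\\
&\leq |D| \cdot n^{\mathbb{B}(D)+2} + n^{\mathbb{B}(E)+1} + |E| \cdot n^{\mathbb{B}(E)+1}\\
&\leq (|D| + |E| + 1) \cdot n^{\max\{\mathbb{B}(D)+2, \mathbb{B}(E)+1\}}\\
&= |\mathsf{cut}_!(D, x.E)| \cdot n^{\mathbb{B}(\mathsf{cut}_!(D, x.E))+1}.
\end{aligned}$$

• If $D = {!}\mathsf{R}(x_1, \ldots, x_n, E)$, then:

$$\begin{aligned}
\mathbb{W}_n({!}\mathsf{R}(x_1, \ldots, x_n, E)) &= n \cdot (\mathbb{W}_n(E) + 1)\\
&\leq n \cdot |E| \cdot n^{\mathbb{B}(E)+1} + n\\
&\leq (1 + |E|) \cdot n^{\mathbb{B}({!}\mathsf{R}(x_1, \ldots, x_n, E))+1}\\
&= |{!}\mathsf{R}(x_1, \ldots, x_n, E)| \cdot n^{\mathbb{B}({!}\mathsf{R}(x_1, \ldots, x_n, E))+1}.
\end{aligned}$$

This concludes the proof. □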

5.4 Putting Everything Together 

We now have almost all the necessary ingredients to obtain a proof of Proposition 4: the only missing tiles are the bounds on the size of any reducts, since the polynomial bounds on the length of internal reductions are exactly the ones from Lemma 15. Observe, however, that the latter induces the former:

Lemma 16 Suppose that $P \to^n Q$. Then $|Q| \leq n \cdot |P|$.

Proof. By induction on $n$, enriching the statement as follows: whenever $P \to^n Q$, both $|Q| \leq n \cdot |P|$ and $|R| \leq |P|$ for every subprocess $R$ of $Q$ in the form ${!}x(y).S$. □

Lemma 17 For every D, B(D) = B(D) and |D| = |D|. 

Finally: 
Proof (of Proposition 4). Let $\{q_n\}_{n \in \mathbb{N}}$ be the polynomials coming from Lemma 15. The polynomials we are looking for are defined as follows:

$$p_n(x) = q_n(x) + x \cdot q_n(x).$$

Now, suppose that $P \to^m Q$. By Theorem 1 there are proof terms $D$, $E$ such that $P = D$, $Q = E$ and

Now, from Propositions 5, 6 and 7 it follows that

$$\mathbb{W}(D) \geq m + \mathbb{W}(E) \geq m.$$

As a consequence, by Lemma 15 and Lemma 17,

$$m \leq q_{\mathbb{B}(D)}(|D|) \leq q_{\mathbb{B}(P)}(|P|) \leq p_{\mathbb{B}(P)}(|P|).$$

By Lemma 16 it follows that

$$|Q| \leq m \cdot |P| \leq q_{\mathbb{B}(P)}(|P|) \cdot |P| \leq p_{\mathbb{B}(P)}(|P|).$$

This concludes the proof. □

Let us now consider Theorem 2: how can we deduce it from Proposition 4? Everything boils down to showing that for normal processes, the box-depth can be read off from their type. In the following lemma, $\mathbb{B}(A)$ and $\mathbb{B}(\Gamma)$ are the nesting depths of $!$ inside the type $A$ and inside the types appearing in $\Gamma$ (for every type $A$ and context $\Gamma$).

Lemma 18 Suppose that $\Gamma;\Delta;\Theta \vdash D :: x : A$ and that $D$ is normal. Then $\mathbb{B}(D) = \max\{\mathbb{B}(\Gamma), \mathbb{B}(\Delta), \mathbb{B}(\Theta), \mathbb{B}(A)\}$.

Proof. An easy induction on $D$. □

The proof of bounded interaction is similar in structure to the one of polynomial time soundness 
for SLL (see [H])- However, the peculiarities of dual systems and of process algebras make it 
slightly more complicated. As an example, some of the strong bisimilarities on proof terms which
are necessary to simulate process reduction (e.g. $(\mathsf{cut}_\#/-/\mathsf{cut})$, see Figure 5) exhibit complicated
combinatorial behaviors, which need to be taken into account here.

6 Conclusions 

In this paper, we introduced a variation on Caires and Pfenning's πDILL, called πDSLL, being inspired by Lafont's soft linear logic. The key feature of πDSLL is the fact that the amount of interaction induced by allowing two processes to interact with each other is bounded by a polynomial whose degree can be "read off" from the type of the session channel through which they communicate.

What we consider the main achievement of this paper is the "transfer of technology" from the functional world of implicit computational complexity to the concurrent framework of π-calculus and session types, rather than the proof of the polynomial bounds itself, which can be obtained by adapting the ones in [5] or in [3] (although this anyway presents some technical difficulties due to the low-level nature of the π-calculus compared to the lambda calculus or to higher-order π-calculus).

Another aspect that we find interesting is the following: it seems that the constraints on processes induced by the adoption of the more stringent typing discipline πDSLL, as opposed to πDILL, are quite natural and do not rule out too many interesting examples. In particular, the way sessions can be defined remains essentially untouched: what changes is the way sessions can be offered, i.e. the discipline governing the offering of multiple sessions by servers. All the examples in [1] and the one from Section [5] are indeed typable in πDSLL.

Topics for future work include the accommodation of recursive types into πDSLL. This could be easier than expected, due to the robustness of light logics to the presence of recursive types [3].